authorschererleander <leander@schererleander.de>2026-02-05 12:03:07 +0100
committerschererleander <leander@schererleander.de>2026-02-05 15:19:41 +0100
commit3b13d9a2a367db84d48940460532c17a374bb488 (patch)
tree599110a39c4baecf3991fe9a58d0103a43c38896 /modules
parent46aa4842b98d9215baca00060c233f386a0c2188 (diff)
feat(modules): use dendritic pattern
Diffstat (limited to 'modules')
-rw-r--r--modules/flake-parts.nix12
-rw-r--r--modules/flake/darwin.nix33
-rw-r--r--modules/flake/home.nix23
-rw-r--r--modules/flake/nixos.nix63
-rw-r--r--modules/flake/systems.nix9
-rw-r--r--modules/home/browsers/firefox/default.nix273
-rw-r--r--modules/home/cli/opencode/default.nix26
-rw-r--r--modules/home/cli/tmux/default.nix50
-rw-r--r--modules/home/editors/neovim/default.nix65
-rw-r--r--modules/home/editors/vscode/default.nix139
-rw-r--r--modules/home/editors/zed/default.nix52
-rw-r--r--modules/home/git/default.nix82
-rw-r--r--modules/home/gpg/default.nix62
-rw-r--r--modules/home/media/jellyfin-mpv-shim/default.nix38
-rw-r--r--modules/home/media/mpv/default.nix67
-rw-r--r--modules/home/media/nixcord/default.nix31
-rw-r--r--modules/home/media/spicetify/default.nix39
-rw-r--r--modules/home/productivity/anki/default.nix24
-rw-r--r--modules/home/productivity/latex/default.nix43
-rw-r--r--modules/home/shells/bash/default.nix40
-rw-r--r--modules/home/shells/zsh/default.nix72
-rw-r--r--modules/home/terminal/kitty.nix33
-rw-r--r--modules/home/zathura/default.nix37
-rw-r--r--modules/hosts/adam/configuration.nix56
-rw-r--r--modules/hosts/adam/flake-parts.nix15
-rw-r--r--modules/hosts/adam/hardware-configuration.nix49
-rw-r--r--modules/hosts/lilith/configuration.nix64
-rw-r--r--modules/hosts/lilith/flake-parts.nix15
-rw-r--r--modules/hosts/sachiel/configuration.nix49
-rw-r--r--modules/hosts/sachiel/flake-parts.nix14
-rw-r--r--modules/hosts/sachiel/hardware-configuration.nix39
-rw-r--r--modules/nixos/desktop/cinnamon/default.nix24
-rw-r--r--modules/nixos/desktop/gnome/default.nix31
-rw-r--r--modules/nixos/desktop/kde/default.nix27
-rw-r--r--modules/nixos/dns/default.nix56
-rw-r--r--modules/nixos/hardware/printer/default.nix25
-rw-r--r--modules/nixos/hardware/wooting/default.nix18
-rw-r--r--modules/nixos/mullvad-vpn/default.nix18
-rw-r--r--modules/nixos/openssh/default.nix26
-rw-r--r--modules/nixos/plymouth/default.nix41
-rw-r--r--modules/nixos/server/nextcloud/default.nix138
-rw-r--r--modules/nixos/server/nginx/default.nix42
-rw-r--r--modules/nixos/server/openssh/default.nix44
-rw-r--r--modules/nixos/server/site/default.nix28
-rw-r--r--modules/nixos/steam/default.nix28
-rw-r--r--modules/nixos/sunshine/default.nix22
-rw-r--r--modules/programs/anki.nix14
-rw-r--r--modules/programs/bash.nix30
-rw-r--r--modules/programs/firefox.nix140
-rw-r--r--modules/programs/git.nix48
-rw-r--r--modules/programs/jellyfin-mpv-shim.nix37
-rw-r--r--modules/programs/latex.nix33
-rw-r--r--modules/programs/mpv.nix48
-rw-r--r--modules/programs/neovim/default.nix48
-rw-r--r--modules/programs/neovim/init.lua (renamed from modules/home/editors/neovim/init.lua)1
-rw-r--r--modules/programs/nixcord.nix28
-rw-r--r--modules/programs/obsidian.nix9
-rw-r--r--modules/programs/opencode.nix14
-rw-r--r--modules/programs/spicetify.nix34
-rw-r--r--modules/programs/steam.nix15
-rw-r--r--modules/programs/vscode.nix63
-rw-r--r--modules/programs/zed.nix40
-rw-r--r--modules/programs/zsh.nix62
-rw-r--r--modules/secrets/default.nix47
-rw-r--r--modules/services/dns.nix34
-rw-r--r--modules/services/gpg.nix17
-rw-r--r--modules/services/nextcloud.nix131
-rw-r--r--modules/services/nginx.nix27
-rw-r--r--modules/services/openssh.nix35
-rw-r--r--modules/services/site.nix20
-rw-r--r--modules/services/sunshine.nix13
-rw-r--r--modules/system/audio.nix (renamed from modules/nixos/hardware/audio/default.nix)9
-rw-r--r--modules/system/bluetooth.nix (renamed from modules/nixos/hardware/bluetooth/default.nix)9
-rw-r--r--modules/system/kde.nix17
-rw-r--r--modules/system/mullvad-vpn.nix11
-rw-r--r--modules/system/plymouth.nix31
-rw-r--r--modules/system/printer.nix15
-rw-r--r--modules/system/secrets.nix50
-rw-r--r--modules/system/wooting.nix11
-rw-r--r--modules/users/schererleander/configuration.nix22
-rw-r--r--modules/users/schererleander/darwin.nix14
-rw-r--r--modules/users/schererleander/flake-parts.nix28
-rw-r--r--modules/users/schererleander/nixos.nix14
83 files changed, 1468 insertions, 1933 deletions
diff --git a/modules/flake-parts.nix b/modules/flake-parts.nix
new file mode 100644
index 0000000..d5db132
--- /dev/null
+++ b/modules/flake-parts.nix
@@ -0,0 +1,12 @@
+{ inputs, ... }:
+{
+ imports = [
+ inputs.flake-parts.flakeModules.modules
+ ];
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ "x86_64-darwin"
+ ];
+}
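Review bot: The `systems` list in the new modules/flake-parts.nix grows from two platforms to four without a comment explaining why. The removed modules/flake/systems.nix listed only `x86_64-linux` and `aarch64-darwin`, and the host definitions removed in this commit (adam, sachiel, lilith) target only those two. From the visible lines it is therefore unclear whether `aarch64-linux` and `x86_64-darwin` are ever evaluated or built. Either trim the list to the platforms that have a host, or add a comment above it such as `# perSystem targets; aarch64-linux and x86_64-darwin have no host yet`. The import would also benefit from a short comment, for example `# flake-parts module that declares flake.modules, used by the dendritic layout`, since the old comment on `systems` was dropped with the move.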
diff --git a/modules/flake/darwin.nix b/modules/flake/darwin.nix
deleted file mode 100644
index cc59bf6..0000000
--- a/modules/flake/darwin.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- inputs,
- config,
- self,
- ...
-}:
-
-{
- flake.darwinConfigurations = {
- lilith = inputs.nix-darwin.lib.darwinSystem {
- system = "aarch64-darwin";
- specialArgs = {
- inherit inputs;
- host = "lilith";
- };
- modules = [
- inputs.home-manager.darwinModules.home-manager
- {
- home-manager.extraSpecialArgs = { inherit inputs; };
- home-manager.sharedModules = [ config.flake.homeModules.default ];
- }
- (self + /hosts/lilith/configuration.nix)
- {
- nixpkgs.config.allowUnfree = true;
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- }
- ];
- };
- };
-}
diff --git a/modules/flake/home.nix b/modules/flake/home.nix
deleted file mode 100644
index 2ac2b45..0000000
--- a/modules/flake/home.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ inputs, self, ... }:
-
-let
- inherit (inputs.nixpkgs) lib;
- import-tree = inputs.import-tree.withLib lib;
-
- homeModuleFiles = import-tree.leafs (self + /modules/home);
-in
-{
- imports = [
- inputs.home-manager.flakeModules.home-manager
- ];
-
- flake.homeModules = {
- default = {
- imports = homeModuleFiles ++ [
- inputs.sops-nix.homeManagerModules.sops
- inputs.nixcord.homeModules.nixcord
- inputs.spicetify-nix.homeManagerModules.spicetify
- ];
- };
- };
-}
diff --git a/modules/flake/nixos.nix b/modules/flake/nixos.nix
deleted file mode 100644
index 40145ea..0000000
--- a/modules/flake/nixos.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- inputs,
- config,
- self,
- ...
-}:
-
-let
- inherit (inputs.nixpkgs) lib;
- import-tree = inputs.import-tree.withLib lib;
-
- # Use import-tree.leafs to get list of NixOS module paths
- nixosModuleFiles = import-tree.leafs (self + /modules/nixos);
-
- # Common NixOS modules for all hosts
- commonNixosModules = nixosModuleFiles ++ [
- {
- nixpkgs.config.allowUnfree = true;
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- }
- ];
-
- # Home-manager modules for hosts that use it
- homeManagerModules = [
- inputs.home-manager.nixosModules.home-manager
- {
- home-manager.backupFileExtension = "backup";
- home-manager.extraSpecialArgs = { inherit inputs; };
- home-manager.sharedModules = [ config.flake.homeModules.default ];
- }
- ];
-in
-{
- flake.nixosConfigurations = {
- adam = lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = {
- inherit inputs;
- host = "adam";
- };
- modules =
- commonNixosModules
- ++ homeManagerModules
- ++ [
- (self + /hosts/adam/configuration.nix)
- ];
- };
-
- sachiel = lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = {
- inherit inputs;
- host = "sachiel";
- };
- modules = commonNixosModules ++ [
- (self + /hosts/sachiel/configuration.nix)
- ];
- };
- };
-}
diff --git a/modules/flake/systems.nix b/modules/flake/systems.nix
deleted file mode 100644
index e66e2e1..0000000
--- a/modules/flake/systems.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-
-{
- # Define systems for perSystem (even if we don't use it much)
- systems = [
- "x86_64-linux"
- "aarch64-darwin"
- ];
-}
diff --git a/modules/home/browsers/firefox/default.nix b/modules/home/browsers/firefox/default.nix
deleted file mode 100644
index 2cb0656..0000000
--- a/modules/home/browsers/firefox/default.nix
+++ /dev/null
@@ -1,273 +0,0 @@
-{
- pkgs,
- inputs,
- config,
- lib,
- ...
-}:
-let
-
- cfg = config.nx.browsers.firefox;
- inherit (lib)
- mkEnableOption
- mkOption
- types
- mkIf
- optionalString
- optionalAttrs
- ;
-in
-{
-
- options.nx.browsers.firefox = {
- enable = mkEnableOption "mozilla firefox";
- blockGoogle = mkOption {
- description = "blocks google banner and other";
- type = types.bool;
- default = true;
- };
- transparent = mkOption {
- description = "make firefox transparent";
- type = types.bool;
- default = false;
- };
- cleanHome = mkOption {
- description = "clean up firefox home";
- type = types.bool;
- default = true;
- };
- hideRecommendations = mkOption {
- description = "hide firefox recommendations";
- type = types.bool;
- default = true;
- };
- disablePasswordManager = mkOption {
- description = "disable built-in browser password manager";
- type = types.bool;
- default = true;
- };
- };
-
- config = mkIf cfg.enable {
- programs.firefox = {
- enable = true;
- profiles.default = {
- extensions = {
- packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
- ublock-origin
- istilldontcareaboutcookies
- sponsorblock
- decentraleyes
- vimium-c
- ];
-
- force = true;
-
- settings."uBlock0@raymondhill.net".settings = {
- UserMessaging = {
- uiTheme = "dark";
- uiAccentCustom = true;
- uiAccentCustom0 = "#2C2C2C";
- cloudStorageEnabled = false;
- contextMenuEnabled = false;
- };
- # Block annoying login with google banner
- userFilters = optionalString cfg.blockGoogle ''
- ||accounts.google.com/gsi/*
- '';
- };
- };
-
- search = {
- default = "DuckDuckGo";
- engines = {
- nix-packages = {
- name = "Nix Packages";
- urls = [
- {
- template = "https://search.nixos.org/packages";
- params = [
- {
- name = "type";
- value = "packages";
- }
- {
- name = "query";
- value = "{searchTerms}";
- }
- ];
- }
- ];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@np" ];
- };
-
- nixos-wiki = {
- name = "NixOS Wiki";
- urls = [ { template = "https://wiki.nixos.org/w/index.php?search={searchTerms}"; } ];
- iconMapObj."16" = "https://wiki.nixos.org/favicon.ico";
- definedAliases = [ "@nw" ];
- };
-
- bing.metaData.hidden = true;
- google.metaData.alias = "@g";
- };
- force = true;
- };
-
- userChrome = optionalString cfg.transparent ''
- /* Hide Back, Forward, Reload, Stop, All Tabs, Firefox View buttons */
- #back-button,
- #forward-button,
- #reload-button,
- #stop-button,
- #alltabs-button,
- #firefox-view-button {
- display: none !important;
- }
-
- .titlebar-buttonbox-container {
- display: none;
- }
-
- #tabbrowser-tabs {
- border-inline: none !important;
- }
-
- /* Transparent background tabs (above url bar) */
- #navigator-toolbox {
- -moz-appearance: -moz-vibrant-titlebar !important;
- background: rgba(0, 0, 0, 0.8) !important;
- }
-
- /* Transparent background (behind url bar) */
- #nav-bar {
- background: none !important;
- box-shadow: none !important;
- border-top: 0px !important;
- }
-
- .tab-background[selected="true"] {
- background-color: #393e43 !important;
- background-image: none !important;
- }
-
- .tab-background {
- background-color: var(--background) !important;
- color: var(--foreground) !important;
- box-shadow: none !important;;
- }
-
- .tab-background[selected] {
- background-color: rgba(0, 0, 0, 0.30) !important;
- color: var(--foreground) !important;
- box-shadow: none !important;
- }
-
- /* Needed for transparency in general */
- :root {
- --tabpanel-background-color: transparent !important;
- --chrome-content-separator-color: transparent !important;
- --toolbar-bgcolor: rgba(0, 0, 0, 0.9) !important;
- --newtab-background-color: rgba(0, 0, 0, 0.9) !important;
- --newtab-background-color-secondary: transparent !important;
- --toolbar-field-background-color: rgba(120, 120, 120, 0.10) !important;
- }
- '';
- userContent = optionalString cfg.transparent ''
- @-moz-document url-prefix("about:"), url("about:home") {
- /* Transparent about:settings about:config about:policies */
- :root {
- background: rgba(0, 0, 0, 0.0) !important;
- }
- }
-
- /* Transparent about:home */
- * {
- --newtab-background-color: transparent !important;
- --newtab-background-color-secondary: transparent !important;
- }
-
- /* Transparent elements in about:* */
- * {
- --in-content-page-background: transparent !important;
- --background-color-box: rgba(0, 0, 0, 0.5) !important;
- }
- '';
- };
-
- policies = {
- DisableTelemetry = true;
- DisableFirefoxStudies = true;
- PasswordManagerEnabled = !cfg.disablePasswordManager;
- OfferToSaveLogins = !cfg.disablePasswordManager;
- DisplayBookmarksToolbar = "never";
- NoDefaultBookmarks = true;
-
- Homepage = optionalAttrs cfg.cleanHome {
- URL = "about:blank";
- Locked = true;
- StartPage = "homepage";
- };
-
- NewTabPage = !cfg.cleanHome;
-
- PictureInPicture = {
- Enabled = false;
- };
-
- EnableTrackingProtection = {
- Value = true;
- Locked = true;
- Cryptomining = true;
- Fingerprinting = true;
- };
-
- EncryptedMediaExtensions = {
- Enabled = true;
- Locked = true;
- };
-
- FirefoxHome = {
- Search = true;
- TopSites = true;
- SponsoredTopSites = !cfg.cleanHome;
- Highlights = true;
- Pocket = !cfg.cleanHome;
- SponsoredPocket = !cfg.cleanHome;
- Locked = true;
- };
-
- UserMessaging = {
- ExtensionRecommendations = !cfg.hideRecommendations;
- FeatureRecommendations = !cfg.hideRecommendations;
- Locked = true;
- MoreFromMozilla = !cfg.hideRecommendations;
- SkipOnboarding = true;
- UrlbarInterventions = !cfg.hideRecommendations;
- };
-
- Preferences = {
- # Disable fullscreen notification
- "full-screen-api.warning.timeout" = "0";
-
- # Disable annoying translation popup
- "browser.translations.automaticallyPopup" = false;
-
- # Enable all extensions automatically
- "extensions.autoDisableScopes" = 0;
-
- # Hide ctr-tab tab preview menu
- "browser.ctrlTab.sortByRecentlyUsed" = false;
- }
- // optionalAttrs cfg.transparent {
- # transparency
- "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
- "browser.tabs.allow_transparent_browser" = true;
- "gfx.webrender.all" = true;
- };
- };
- };
- };
-}
diff --git a/modules/home/cli/opencode/default.nix b/modules/home/cli/opencode/default.nix
deleted file mode 100644
index 48be861..0000000
--- a/modules/home/cli/opencode/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- cfg = config.nx.cli.opencode;
- inherit (lib) mkEnableOption mkIf;
-in
-{
-
- options.nx.cli.opencode = {
- enable = mkEnableOption "opencode open source ai coding agent";
- };
-
- config = mkIf cfg.enable {
- programs.opencode = {
- enable = true;
- settings = {
- theme = "system";
- share = "disabled";
- autoupdate = false;
- };
- };
- };
-}
diff --git a/modules/home/cli/tmux/default.nix b/modules/home/cli/tmux/default.nix
deleted file mode 100644
index 989851c..0000000
--- a/modules/home/cli/tmux/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.cli.tmux;
-
-in
-{
- options.nx.cli.tmux = {
- enable = mkEnableOption "tmux";
- };
- config = mkIf cfg.enable {
- programs.tmux = {
- enable = true;
- keyMode = "vi";
- secureSocket = true;
- terminal = "xterm-256color";
- extraConfig = ''
- unbind C-b
- set-option -g prefix C-a
- bind-key C-a send-prefix
- bind -n M-Left select-pane -L
- bind -n M-Right select-pane -R
- bind -n M-Up select-pane -U
- bind -n M-Down select-pane -D
-
- # style
- set -g status-position top
- set -g status-justify absolute-centre
- set -g status-style 'fg=color7 bg=default'
- set -g status-right ""
- # set -g status-right ' #(cd #{pane_current_path}; git rev-parse --abbrev-ref HEAD)'
- # set -g status-right ""
- set -g status-left '#S'
- set -g status-left-style 'fg=color8'
- set -g status-right-length 0
- set -g status-left-length 100
- setw -g window-status-current-style 'fg=colour6 bg=default bold'
- setw -g window-status-current-format '#I:#W '
- setw -g window-status-style 'fg=color8'
-
- set -g mouse on
- '';
- };
- };
-}
diff --git a/modules/home/editors/neovim/default.nix b/modules/home/editors/neovim/default.nix
deleted file mode 100644
index ef97f89..0000000
--- a/modules/home/editors/neovim/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-
-let
- inherit (lib) mkEnableOption mkIf optionals;
- cfg = config.nx.editors.neovim;
-in
-{
- options.nx.editors.neovim = {
- enable = mkEnableOption "Neovim editor";
- };
-
- config = mkIf cfg.enable {
- programs.neovim = {
- defaultEditor = true;
- enable = true;
- package = pkgs.neovim-unwrapped;
- extraPackages =
- with pkgs;
- [
- tree-sitter
- git
- ripgrep
- fd
- gcc
- ]
- ++ (optionals true [ pkgs.gopls ])
- ++ (optionals true [
- pkgs.nil
- pkgs.nixfmt
- ])
- ++ (optionals true [ pkgs.lua-language-server ])
- ++ (optionals true [ pkgs.texlab ])
- ++ (optionals true [ pkgs.tinymist ]);
-
- plugins = with pkgs.vimPlugins; [
- gruvbox-nvim
- mini-starter
- gitsigns-nvim
- nvim-autopairs
- telescope-nvim
- fidget-nvim
- plenary-nvim
- nvim-treesitter.withAllGrammars
- nvim-lspconfig
- nvim-cmp
- cmp-nvim-lsp
- cmp-buffer
- cmp-path
- cmp-cmdline
- luasnip
- cmp_luasnip
- lspkind-nvim
- ];
-
- extraConfig = ''
- luafile ${./init.lua}
- '';
- };
- };
-}
diff --git a/modules/home/editors/vscode/default.nix b/modules/home/editors/vscode/default.nix
deleted file mode 100644
index 9762d92..0000000
--- a/modules/home/editors/vscode/default.nix
+++ /dev/null
@@ -1,139 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-
-let
- inherit (lib)
- mkEnableOption
- mkOption
- types
- mkIf
- optionals
- ;
- cfg = config.nx.editors.vscode;
-in
-{
- options.nx.editors.vscode = {
- enable = mkEnableOption "vscode editor";
-
- useVSCodium = mkOption {
- description = "Use vscodium instead of vscode";
- type = types.bool;
- default = false;
- };
-
- theme = mkOption {
- description = "Theme to use for vscode";
- type = types.enum [
- "minimal"
- "dark"
- "light"
- ];
- default = "minimal";
- };
-
- langs = {
- cmake = mkOption {
- description = "enable cmake integration";
- type = types.bool;
- default = false;
- };
- docker = mkOption {
- description = "enable docker integration";
- type = types.bool;
- default = false;
- };
- python = mkOption {
- description = "enable python integration";
- type = types.bool;
- default = false;
- };
- go = mkOption {
- description = "enable go integration";
- type = types.bool;
- default = false;
- };
- rust = mkOption {
- description = "enable rust integration";
- type = types.bool;
- default = false;
- };
- java = mkOption {
- description = "enable java integration";
- type = types.bool;
- default = false;
- };
- lua = mkOption {
- description = "enable lua integration";
- type = types.bool;
- default = false;
- };
- tailwindcss = mkOption {
- description = "enable tailwindcss integration";
- type = types.bool;
- default = false;
- };
- };
- };
-
- config = mkIf cfg.enable {
- programs.vscode = {
- enable = true;
- package = if cfg.useVSCodium then pkgs.vscodium else pkgs.vscode;
- mutableExtensionsDir = false;
- profiles.default = {
- enableUpdateCheck = true;
- enableExtensionUpdateCheck = true;
-
- userSettings = {
- "update.mode" = "none";
- "workbench.colorTheme" =
- if cfg.theme == "minimal" then
- "Minimal"
- else if cfg.theme == "dark" then
- "Default Dark Modern"
- else
- "Default Light Modern";
- "editor.fontFamily" = "monospace";
- "editor.tabSize" = 2;
- "editor.minimap.enabled" = false;
- "terminal.integrated.cursorStyle" = "underline";
- "terminal.integrated.cursorStyleInactive" = "underline";
- "terminal.integrated.fontFamily" = "monospace";
- "terminal.integrated.fontSize" = 13;
- "git.autofetch" = true;
- "window.controlsStyle" = "custom";
- };
-
- extensions =
- with pkgs.vscode-extensions;
- [
- github.copilot
- adpyke.codesnap
- esbenp.prettier-vscode
- ]
- ++ (optionals cfg.langs.cmake [ ms-vscode.cmake-tools ])
- ++ (optionals cfg.langs.docker [ ms-azuretools.vscode-docker ])
- ++ (optionals cfg.langs.python [ ms-python.python ])
- ++ (optionals cfg.langs.go [ golang.go ])
- ++ (optionals cfg.langs.rust [ rust-lang.rust-analyzer ])
- ++ (optionals cfg.langs.java [ vscjava.vscode-maven ])
- ++ (optionals cfg.langs.lua [ sumneko.lua ])
- ++ (optionals cfg.langs.tailwindcss [ bradlc.vscode-tailwindcss ])
- ++ (optionals (cfg.theme == "minimal") (
- pkgs.vscode-utils.extensionsFromVscodeMarketplace [
- {
- name = "minimalist-dark";
- publisher = "nichabosh";
- version = "1.0.0";
- sha256 = "sha256-lw+Scfada6DycLdRT2Cz+Fd12JucglIrw3uRd2ZhabQ=";
- }
- ]
- ));
- };
- };
- };
-}
diff --git a/modules/home/editors/zed/default.nix b/modules/home/editors/zed/default.nix
deleted file mode 100644
index 95c3be0..0000000
--- a/modules/home/editors/zed/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.editors.zed-editor;
-in
-{
- options.nx.editors.zed-editor = {
- enable = mkEnableOption "zed editor";
- };
-
- config = mkIf cfg.enable {
- programs.zed-editor = {
- enable = true;
- extensions = [ "nix" ];
- userSettings = {
- telemetry = {
- metrics = false;
- };
- title_bar = {
- show_onboarding_banner = false;
- show_project_items = false;
- show_branch_name = false;
- show_user_menu = false;
- };
- tab_bar.show = false;
- toolbar.quick_actions = false;
- status_bar."experimental.show" = false;
- project_panel = {
- dock = "right";
- default_width = 400;
- hide_root = true;
- auto_fold_dirs = false;
- starts_open = false;
- git_status = false;
- sticky_scroll = false;
- scrollbar.show = "never";
- indent_guides.show = "never";
- };
- outline_panel = {
- default_width = 300;
- indent_guides.show = "never";
- };
- file_finder.modal_max_width = "large";
- };
- };
- };
-}
diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix
deleted file mode 100644
index 2d0855e..0000000
--- a/modules/home/git/default.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- cfg = config.nx.programs.git;
- inherit (lib)
- mkEnableOption
- mkOption
- mkIf
- types
- ;
-in
-{
- options.nx.programs.git = {
- enable = mkEnableOption "git";
-
- userName = mkOption {
- description = "Git username";
- type = types.str;
- default = "Leander Scherer";
- };
-
- userEmail = mkOption {
- description = "Git email";
- type = types.str;
- default = "leander@schererleander.de";
- };
-
- signKey = mkOption {
- description = "Sign key";
- type = types.nullOr types.str;
- default = "A3502B180BC1D41A";
- };
-
- signFlavor = mkOption {
- description = "Sign key flavor";
- type = types.enum [
- "ssh"
- "openpgp"
- ];
- default = "openpgp";
- };
- };
-
- config = mkIf cfg.enable {
- programs.git = {
- enable = true;
-
- signing = mkIf (cfg.signKey != null) {
- key = cfg.signKey;
- signByDefault = true;
- };
-
- ignores = [
- "*~"
- ".DS_Store"
- ".direnv"
- ".envrc"
- ];
-
- settings = {
- user.name = cfg.userName;
- user.email = cfg.userEmail;
- help.autocorrect = 20;
- alias = {
- st = "status";
- co = "checkout";
- br = "branch";
- };
- pull.rebase = true;
- gpg.format = cfg.signFlavor;
- url."git@github.com:".insteadOf = "https://github.com";
- };
- };
- programs.diff-highlight = {
- enable = true;
- enableGitIntegration = true;
- };
- };
-}
diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix
deleted file mode 100644
index af08ae3..0000000
--- a/modules/home/gpg/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-
-let
- inherit (lib)
- mkOption
- types
- mkIf
- ;
- cfg = config.nx.programs.gpg;
-in
-{
-
- options.nx.programs.gpg = {
- enable = mkOption {
- description = "GNU Privacy Guard";
- type = types.bool;
- default = config.nx.programs.git.enable;
- };
-
- gpgKey = mkOption {
- description = "default gpg key";
- type = types.nullOr types.str;
- default = "";
- };
-
- pinentry = mkOption {
- description = "pinentry flavor";
- type = types.enum [
- "curses"
- "gnome3"
- "qt"
- "mac"
- ];
- default = if pkgs.stdenv.isDarwin then "mac" else "curses";
- };
- };
-
- config = lib.mkIf cfg.enable {
- programs.gpg = {
- enable = true;
- #settings.default-key = mkIf (cfg.gpgKey != null) cfg.gpgKey;
- };
-
- services.gpg-agent = {
- enable = true;
- pinentry.package =
- if cfg.pinentry == "gnome3" then
- pkgs.pinentry-gnome3
- else if cfg.pinentry == "qt" then
- pkgs.pinentry-qt
- else if cfg.pinentry == "mac" then
- pkgs.pinentry_mac
- else
- pkgs.pinentry-curses;
- };
- };
-}
diff --git a/modules/home/media/jellyfin-mpv-shim/default.nix b/modules/home/media/jellyfin-mpv-shim/default.nix
deleted file mode 100644
index 6594a70..0000000
--- a/modules/home/media/jellyfin-mpv-shim/default.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.nx.media.jellyfin-mpv-shim;
- inherit (lib) mkEnableOption mkIf optionalAttrs;
-in
-{
- options.nx.media.jellyfin-mpv-shim = {
- enable = mkEnableOption "Jellyfin MPV Shim";
- };
-
- config = mkIf cfg.enable {
- systemd.user.services.jellyfin-mpv-shim.Service.Environment = [
- "ENABLE_HDR_WSI=1"
- ];
-
- services.jellyfin-mpv-shim = {
- enable = true;
- settings = {
- player_name = "mpv-shim";
- allow_transcode_to_h256 = true;
- };
- mpvConfig = {
- vo = "gpu-next";
- gpu-api = "vulkan";
- target-colorspace-hint = "yes";
- target-peak = 500;
- }
- // (optionalAttrs false {
- target-trc = "pq";
- target-prim = "bt.2020";
- #target-peak = 406;
- #tone-mapping = "spline";
- #tone-mapping-mode = "rgb";
- inverse-tone-mapping = "yes";
- });
- };
- };
-}
diff --git a/modules/home/media/mpv/default.nix b/modules/home/media/mpv/default.nix
deleted file mode 100644
index f6ac360..0000000
--- a/modules/home/media/mpv/default.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.nx.media.mpv;
- inherit (lib)
- mkEnableOption
- types
- optional
- mkIf
- mkOption
- ;
-in
-{
- options.nx.media.mpv = {
- enable = mkEnableOption "a free, open source, and cross-platform media player";
- hdrExpansion = mkEnableOption "SDR to HDR inverse tone mapping";
- targetPeak = mkOption {
- description = "Peak brightness of the display";
- type = types.int;
- default = 500; # For MO27Q28G
- };
- };
- config = mkIf cfg.enable {
- programs.mpv = {
- enable = true;
- config = {
- vo = "gpu-next";
- gpu-api = "vulkan";
- target-peak = cfg.targetPeak;
- target-colorspace-hint = "yes";
- };
- profiles = {
- # Dolby Vision profile
- "DOVI" = {
- profile-restore = "copy";
- profile-cond = "p[\"video-dec-params/gamma\"] == \"auto\"";
- target-trc = "pq";
- target-prim = "bt.2020";
- target-peak = cfg.targetPeak;
- tone-mapping-mode = "auto";
- };
-
- # SDR look while in HDR
- "SDR" = {
- profile-restore = "copy";
- target-trc = "pq";
- target-prim = "bt.2020";
- target-peak = 207;
- tone-mapping = "bt.2390";
- tone-mapping-mode = "rgb";
- inverse-tone-mapping = "yes";
- };
-
- # SDR to HDR inverse tone mapping
- "SDR_HDR_EFFECT" = {
- profile-restore = "copy";
- target-trc = "pq";
- target-prim = "bt.2020";
- target-peak = 406;
- tone-mapping = "spline";
- tone-mapping-mode = "rgb";
- inverse-tone-mapping = "yes";
- };
- };
- defaultProfiles = optional cfg.hdrExpansion "HDR_MODE:SDR_HDR_EFFECT";
- };
- };
-}
diff --git a/modules/home/media/nixcord/default.nix b/modules/home/media/nixcord/default.nix
deleted file mode 100644
index e2390a3..0000000
--- a/modules/home/media/nixcord/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- cfg = config.nx.media.nixcord;
- inherit (lib) mkEnableOption mkIf;
-in
-{
- options.nx.media.nixcord = {
- enable = mkEnableOption "nixcord and setup";
- };
- config = mkIf cfg.enable {
- programs.nixcord = {
- enable = true;
- config = {
- themeLinks = [
- "https://refact0r.github.io/system24/theme/system24.theme.css"
- ];
- frameless = true;
- plugins = {
- alwaysAnimate.enable = false;
- imageLink.enable = true;
- imageZoom.enable = true;
- translate.enable = true;
- };
- };
- };
- };
-}
diff --git a/modules/home/media/spicetify/default.nix b/modules/home/media/spicetify/default.nix
deleted file mode 100644
index e72f7f3..0000000
--- a/modules/home/media/spicetify/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- config,
- lib,
- pkgs,
- inputs,
- ...
-}:
-
-let
- spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system};
- cfg = config.nx.media.spicetify;
- inherit (lib) mkEnableOption mkIf;
-in
-{
- options.nx.media.spicetify = {
- enable = mkEnableOption "Command-line tool to customize the official Spotify client";
- };
-
- config = mkIf cfg.enable {
- nixpkgs.config.allowUnfree = true;
- programs.spicetify = {
- enable = true;
- enabledSnippets = with spicePkgs.snippets; [
- pointer
- sonicDancing
- modernScrollbar
- nyanCatProgressBar
- declutterNowPlayingBar
- ];
-
- enabledExtensions = with spicePkgs.extensions; [
- keyboardShortcut
- ];
-
- theme = spicePkgs.themes.sleek;
- colorScheme = "Coral";
- };
- };
-}
diff --git a/modules/home/productivity/anki/default.nix b/modules/home/productivity/anki/default.nix
deleted file mode 100644
index 6a95f83..0000000
--- a/modules/home/productivity/anki/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- cfg = config.nx.productivity.anki;
- inherit (lib) mkEnableOption mkIf;
-in
-{
- options.nx.productivity.anki = {
- enable = mkEnableOption "Anki free and open-source flashcard program";
- };
- config = mkIf cfg.enable {
- programs.anki = {
- enable = true;
- #style = "native";
- #addons = with pkgs.ankiAddons; [
- # anki-connect
- # review-heatmap
- #];
- };
- };
-}
diff --git a/modules/home/productivity/latex/default.nix b/modules/home/productivity/latex/default.nix
deleted file mode 100644
index 6f37138..0000000
--- a/modules/home/productivity/latex/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- config,
- options,
- pkgs,
- lib,
- ...
-}:
-let
- cfg = config.nx.productivity.latex;
- inherit (lib) mkEnableOption mkIf;
-in
-{
- options.nx.productivity.latex = {
- enable = mkEnableOption "LaTeX typesetting system";
- };
-
- config = mkIf cfg.enable {
- programs.texlive = {
- enable = true;
- # See https://mynixos.com/search?q=texlivepackages.collection for more collections
- # and https://mynixos.com/search?q=texlivepackages for more individual packages.
- extraPackages = tpkgs: {
- inherit (tpkgs)
- collection-basic
- collection-latex
- collection-latexrecommended
- biblatex
- ;
- };
- };
-
- home.packages = with pkgs; [
- biber
- ];
-
- programs.pandoc = {
- enable = true;
- defaults = {
- pdf-engine = "pdfetex";
- };
- };
- };
-}
diff --git a/modules/home/shells/bash/default.nix b/modules/home/shells/bash/default.nix
deleted file mode 100644
index d224442..0000000
--- a/modules/home/shells/bash/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.shells.bash;
-in
-{
- options.nx.shells.bash = {
- enable = mkEnableOption "bash shell";
- };
-
- config = mkIf cfg.enable {
- home.packages = with pkgs; [
- zoxide
- ];
-
- programs.bash = {
- enable = true;
- enableCompletion = true;
- initExtra = ''
- # view man pages with nvim
- export MANPAGER="nvim +Man!"
-
- # vim keybindings
- set -o vi
-
- # zoxide smarter cd command
- eval "$(zoxide init bash)"
- '';
- shellAliases = {
- ls = "ls --color=auto";
- };
- };
- };
-}
diff --git a/modules/home/shells/zsh/default.nix b/modules/home/shells/zsh/default.nix
deleted file mode 100644
index 5da67c9..0000000
--- a/modules/home/shells/zsh/default.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.shells.zsh;
-in
-{
- options.nx.shells.zsh = {
- enable = mkEnableOption "zsh shell";
- };
-
- config = mkIf cfg.enable {
- home.packages = with pkgs; [
- zoxide
- ];
-
- programs.zsh = {
- enable = true;
- enableCompletion = true;
- autosuggestion.enable = true;
- syntaxHighlighting.enable = true;
- initContent = ''
- # view man pages with nvim
- export MANPAGER="nvim +Man!"
-
- # Directory completion with trailing slash
- zstyle ':completion:*' list-dirs-first true
- zstyle ':completion:*' special-dirs true
- zstyle ':completion:*' squeeze-slashes true
- zstyle ':completion:*' add-space false
-
- # Case-insensitive completion
- zstyle ':completion:*' matcher-list 'm:{a-z}={A-Z}'
- # vim keybindings
- bindkey -v
-
- # Auto cd - type directory name to cd into it
- setopt AUTO_CD
-
- # Complete .. to ../ for directory navigation
- setopt AUTO_PARAM_SLASH
-
- # zoxide smarter cmd command
- eval "$(zoxide init zsh)"
- '';
- shellAliases = {
- ls = "ls --color=auto";
- };
-
- zplug = {
- enable = true;
- plugins = [
- { name = "mafredri/zsh-async"; }
- {
- name = "sindresorhus/pure";
- tags = [
- "as:theme"
- "use:pure.zsh"
- ];
- }
- { name = "zdharma-continuum/fast-syntax-highlighting"; }
- { name = "zsh-users/zsh-autosuggestions"; }
- ];
- };
- };
- };
-}
diff --git a/modules/home/terminal/kitty.nix b/modules/home/terminal/kitty.nix
deleted file mode 100644
index 35d5648..0000000
--- a/modules/home/terminal/kitty.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-
-{
- options.nx.terminal.kitty.enable = lib.mkEnableOption "Enable kitty";
- config = lib.mkIf config.nx.terminal.kitty.enable {
- programs.kitty = {
- enable = true;
- shellIntegration.enableFishIntegration = true;
- font = {
- name = "monospace";
- size = 11;
- };
- settings = {
- cursor_shape = "underline";
- cursor_blink_interval = "-1";
- cursor_stop_blinking_after = "15.0";
-
- background_opacity = "0.3";
-
- enable_audio_bell = false;
- bell_on_tab = false;
-
- window_border_width = "0";
- window_margin_width = "4";
- window_padding_width = "5";
- };
- };
- };
-}
diff --git a/modules/home/zathura/default.nix b/modules/home/zathura/default.nix
deleted file mode 100644
index 2334fc7..0000000
--- a/modules/home/zathura/default.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- cfg = config.nx.programs.zathura;
- inherit (lib) mkEnableOption mkIf;
-in
-{
- options.nx.programs.zathura = {
- enable = mkEnableOption "zathura document viewer";
- };
-
- config = mkIf cfg.enable {
- programs.zathura = {
- enable = true;
- options = {
- recolor-lightcolor = "rgba(0, 0, 0, 0)";
- recolor-darkcolor = "rgba(255, 255, 255, 1)";
- recolor = true;
- adjust-open = "width";
- guioptions = "none";
- zoom-center = true;
- page-padding = 0;
- pages-per-row = 1;
- scroll-page-aware = true;
- };
-
- mappings = {
- i = "recolor";
- j = "navigate previous";
- k = "navigate next";
- };
- };
- };
-}
diff --git a/modules/hosts/adam/configuration.nix b/modules/hosts/adam/configuration.nix
new file mode 100644
index 0000000..53094f0
--- /dev/null
+++ b/modules/hosts/adam/configuration.nix
@@ -0,0 +1,56 @@
+{
+ flake.modules.nixos.adam =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [ "amd_pstate=active" ];
+ initrd.luks.devices."luks-803851e9-7fa8-4367-a927-0bb76d0fe830".device =
+ "/dev/disk/by-uuid/803851e9-7fa8-4367-a927-0bb76d0fe830";
+ loader = {
+ timeout = 0;
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ # Localisation
+ time.timeZone = "Europe/Berlin";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ # Disable waiting for network to be online
+ systemd.services.NetworkManager-wait-online.enable = false;
+
+ # User configuration
+ users.users.schererleander = {
+ isNormalUser = true;
+ home = "/home/schererleander";
+ shell = pkgs.zsh;
+ ignoreShellProgramCheck = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "video"
+ "input"
+ ];
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.hostPlatform = "x86_64-linux";
+ system.stateVersion = "25.11";
+ };
+}
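Review bot: The `"input"` entry in `extraGroups` gives every process running as schererleander read access to the raw input device nodes, which includes keystrokes from other sessions. A KDE/Wayland desktop normally does not need it, so I would drop it or add a comment such as `# input: required by <tool>` naming what depends on it. Separately, `ignoreShellProgramCheck = true` silences the assertion that `programs.zsh.enable` is set system-wide. If no imported module enables zsh, setting `programs.zsh.enable = true;` here and removing the override is safer than suppressing the check.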
diff --git a/modules/hosts/adam/flake-parts.nix b/modules/hosts/adam/flake-parts.nix
new file mode 100644
index 0000000..cf50170
--- /dev/null
+++ b/modules/hosts/adam/flake-parts.nix
@@ -0,0 +1,15 @@
+{ inputs, ... }:
+{
+ flake.nixosConfigurations."adam" = inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = { inherit inputs; };
+ modules = [
+ inputs.self.modules.nixos.adam
+ inputs.self.modules.nixos.secrets
+ inputs.self.modules.nixos.home-manager
+ inputs.self.modules.nixos.plymouth
+ inputs.self.modules.nixos.kde
+ inputs.self.modules.nixos.dns
+ inputs.self.modules.nixos.bluetooth
+ ];
+ };
+}
diff --git a/modules/hosts/adam/hardware-configuration.nix b/modules/hosts/adam/hardware-configuration.nix
new file mode 100644
index 0000000..be6cc0a
--- /dev/null
+++ b/modules/hosts/adam/hardware-configuration.nix
@@ -0,0 +1,49 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ flake.modules.nixos.adam =
+ {
+ config,
+ lib,
+ ...
+ }:
+
+ {
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/luks-37471d57-a31d-4bf1-b219-9992bafe7b64";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-37471d57-a31d-4bf1-b219-9992bafe7b64".device =
+ "/dev/disk/by-uuid/37471d57-a31d-4bf1-b219-9992bafe7b64";
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/8E50-FCCA";
+ fsType = "vfat";
+ options = [
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+
+ swapDevices = [
+ { device = "/dev/mapper/luks-803851e9-7fa8-4367-a927-0bb76d0fe830"; }
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ };
+}
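Review bot: The header comment still says this file is generated by nixos-generate-config and must not be modified, but the content is now hand-wrapped in `flake.modules.nixos.adam`, so a regenerated file would silently lose the wrapper. I would reword it, e.g. `# Originally generated by nixos-generate-config; wrapped by hand as a flake-parts module, merge regenerated output manually.` A one-line comment that the swap device `luks-803851e9-…` is unlocked in configuration.nix rather than here would also help the next reader.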
diff --git a/modules/hosts/lilith/configuration.nix b/modules/hosts/lilith/configuration.nix
new file mode 100644
index 0000000..af15fba
--- /dev/null
+++ b/modules/hosts/lilith/configuration.nix
@@ -0,0 +1,64 @@
+{
+ flake.modules.darwin.lilith =
+ {
+ ...
+ }:
+
+ let
+ username = "schererleander";
+ in
+ {
+ networking.hostName = "lilith";
+
+ # User configuration
+ users.users.${username}.home = "/Users/${username}";
+
+ system.primaryUser = username;
+ system.defaults = {
+ dock = {
+ autohide = true;
+ largesize = 48;
+ show-recents = false;
+ };
+ WindowManager.EnableStandardClickToShowDesktop = false;
+ finder = {
+ _FXShowPosixPathInTitle = true;
+ _FXSortFoldersFirst = true;
+ };
+ controlcenter = {
+ Display = false;
+ FocusModes = false;
+ Sound = false;
+ };
+ loginwindow.GuestEnabled = false;
+ };
+
+ homebrew = {
+ enable = true;
+ brews = [
+ "openjdk@21"
+ ];
+ casks = [
+ "mullvad-vpn"
+ "nextcloud"
+ "iterm2"
+ "rectangle"
+ ];
+ masApps = {
+ "AdGuard Mini" = 1440147259;
+ #"WebSSH - Sysadmin Toolbox" = 497714887;
+ "Windows App" = 1295203466;
+ "Goodnotes: KI-Notizen, PDF" = 1444383602;
+ "WhatsApp Messenger" = 310633997;
+ };
+ onActivation.cleanup = "zap";
+ onActivation.autoUpdate = true;
+ onActivation.upgrade = true;
+ };
+
+ nix.enable = false;
+
+ nixpkgs.config.allowUnfree = true;
+ system.stateVersion = 5;
+ };
+}
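Review bot: `onActivation.autoUpdate = true` and `onActivation.upgrade = true` make every activation fetch and install whatever Homebrew currently serves for the listed brews and casks. Those packages are therefore not covered by the pinning a flake lock file gives the rest of the configuration. If that is intended, say so in a comment, e.g. `# Homebrew packages are deliberately unpinned and upgraded on each activation`; otherwise set both to `false` and upgrade explicitly. `onActivation.cleanup = "zap"` also removes anything installed by hand that is not listed here, which deserves a comment of its own.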
diff --git a/modules/hosts/lilith/flake-parts.nix b/modules/hosts/lilith/flake-parts.nix
new file mode 100644
index 0000000..5842777
--- /dev/null
+++ b/modules/hosts/lilith/flake-parts.nix
@@ -0,0 +1,15 @@
+{
+ inputs,
+ ...
+}:
+
+{
+ flake.darwinConfigurations.lilith = inputs.nix-darwin.lib.darwinSystem {
+ specialArgs = { inherit inputs; };
+ system = "aarch64-darwin";
+ modules = [
+ inputs.self.modules.darwin.lilith
+ inputs.self.modules.darwin.home-manager
+ ];
+ };
+}
diff --git a/modules/hosts/sachiel/configuration.nix b/modules/hosts/sachiel/configuration.nix
new file mode 100644
index 0000000..d2d1d75
--- /dev/null
+++ b/modules/hosts/sachiel/configuration.nix
@@ -0,0 +1,49 @@
+{
+ flake.modules.nixos.sachiel =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ boot.tmp.cleanOnBoot = true;
+ boot.loader.grub.configurationLimit = 2;
+ zramSwap.enable = true;
+
+ swapDevices = [
+ {
+ device = "/var/swapfile";
+ size = 4096;
+ }
+ ];
+
+ networking = {
+ hostName = "sachiel";
+ domain = "schererleander.de";
+ };
+
+ users.users.root.hashedPassword = "!";
+ users.mutableUsers = false;
+ users.users.administrator = {
+ isNormalUser = true;
+ hashedPassword = "$6$KBblJguEyfEmuWnU$Xf0QqPVacA2qvnzZRpnSE2cmh0kNnMgtVhCrMEDI76buNzuzkuDY6EnO7jPjQlEnoczx6ZPAl2pK.SxezbVa..";
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvlkqlvY4+0o7UIGnFnnRw0HeBq5v7wYJ3kY3teXxxl vps"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL+r0l2i07pl9V9iiGqw5e2f/QAcrMhuraA25HavdNT github-deploy"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ gnutar
+ gzip
+ zoxide
+ neovim
+ htop
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.hostPlatform = "x86_64-linux";
+ system.stateVersion = "25.05";
+ };
+}
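Review bot: The `hashedPassword` for `administrator` is committed in clear, so anyone who can read the repository, and any local user via the world-readable Nix store, can test guesses against it offline. The account is in `wheel`, so a recovered password is presumably also the sudo password. The host already imports `inputs.self.modules.nixos.secrets`; if that is the sops setup the other modules use, prefer `hashedPasswordFile = config.sops.secrets."<admin-password-hash>".path;` (placeholder secret name; with sops-nix the secret needs `neededForUsers = true`). Rotate the password afterwards, since the current hash stays in history. Locking root with `"!"` and setting `mutableUsers = false` is good; a short comment that SSH keys are the intended login path would document it.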
diff --git a/modules/hosts/sachiel/flake-parts.nix b/modules/hosts/sachiel/flake-parts.nix
new file mode 100644
index 0000000..42d7551
--- /dev/null
+++ b/modules/hosts/sachiel/flake-parts.nix
@@ -0,0 +1,14 @@
+{ inputs, ... }:
+{
+ flake.nixosConfigurations."sachiel" = inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = { inherit inputs; };
+ modules = [
+ inputs.self.modules.nixos.sachiel
+ inputs.self.modules.nixos.secrets
+ inputs.self.modules.nixos.openssh
+ inputs.self.modules.nixos.nginx
+ inputs.self.modules.nixos.nextcloud
+ inputs.self.modules.nixos.site
+ ];
+ };
+}
diff --git a/modules/hosts/sachiel/hardware-configuration.nix b/modules/hosts/sachiel/hardware-configuration.nix
new file mode 100644
index 0000000..e188fae
--- /dev/null
+++ b/modules/hosts/sachiel/hardware-configuration.nix
@@ -0,0 +1,39 @@
+{
+ flake.modules.nixos.sachiel =
+ { ... }:
+ {
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/4E07-7ABB";
+ fsType = "vfat";
+ };
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "xen_blkfront"
+ "vmw_pvscsi"
+ "virtio_net"
+ "virtio_pci"
+ "virtio_mmio"
+ "virtio_blk"
+ "virtio_scsi"
+ "9p"
+ "9pnet_virtio"
+ ];
+ boot.initrd.kernelModules = [
+ "nvme"
+ "virtio_balloon"
+ "virtio_console"
+ "virtio_rng"
+ "virtio_gpu"
+ ];
+ fileSystems."/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ };
+}
diff --git a/modules/nixos/desktop/cinnamon/default.nix b/modules/nixos/desktop/cinnamon/default.nix
deleted file mode 100644
index f86434b..0000000
--- a/modules/nixos/desktop/cinnamon/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf mkForce;
- cfg = config.nx.desktop.cinnamon;
-in
-{
- options.nx.desktop.cinnamon.enable = mkEnableOption "Cinnamon desktop";
-
- config = mkIf cfg.enable {
- services.xserver = {
- enable = true;
- displayManager.lightdm.enable = true;
- desktopManager.cinnamon.enable = true;
- };
- services.speechd.enable = mkForce false;
- services.orca.enable = mkForce false;
- environment.systemPackages = [ pkgs.nemo-preview ];
- };
-}
diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix
deleted file mode 100644
index 3be22d5..0000000
--- a/modules/nixos/desktop/gnome/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.desktop.gnome;
-in
-{
- options.nx.desktop.gnome.enable = mkEnableOption "GNOME desktop";
-
- config = mkIf cfg.enable {
- services.displayManager.gdm.enable = true;
- services.desktopManager.gnome.enable = true;
- services.gnome.core-developer-tools.enable = false;
- services.gnome.games.enable = false;
-
- environment.gnome.excludePackages = with pkgs; [
- gnome-tour
- gnome-user-docs
- epiphany
- ];
- environment.systemPackages = with pkgs; [
- gnomeExtensions.pop-shell
- gnomeExtensions.blur-my-shell
- gnome-tweaks
- ];
- };
-}
diff --git a/modules/nixos/desktop/kde/default.nix b/modules/nixos/desktop/kde/default.nix
deleted file mode 100644
index c267d19..0000000
--- a/modules/nixos/desktop/kde/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.desktop.kde;
-in
-{
- options.nx.desktop.kde.enable = mkEnableOption "KDE Plasma 6 desktop";
-
- config = mkIf cfg.enable {
- services.displayManager.sddm = {
- enable = true;
- wayland.enable = true;
- };
- services.desktopManager.plasma6.enable = true;
- security.pam.services.sddm.enableKwallet = true;
- environment.plasma6.excludePackages = with pkgs.kdePackages; [
- elisa
- kate
- ];
- environment.systemPackages = with pkgs.kdePackages; [ kcalc ];
- };
-}
diff --git a/modules/nixos/dns/default.nix b/modules/nixos/dns/default.nix
deleted file mode 100644
index 0cc1766..0000000
--- a/modules/nixos/dns/default.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (lib)
- mkEnableOption
- mkOption
- types
- mkIf
- concatStringsSep
- ;
- cfg = config.nx.dns;
-in
-{
- options.nx.dns = {
- enable = mkEnableOption "DNS-over-TLS via systemd-resolved";
- servers = mkOption {
- type = types.listOf types.str;
- default = [
- "1.1.1.1#cloudflare-dns.com"
- "1.0.0.1#cloudflare-dns.com"
- "9.9.9.9#dns.quad9.net"
- "149.112.112.112#dns.quad9.net"
- ];
- };
- fallbackServers = mkOption {
- type = types.listOf types.str;
- default = [
- "8.8.8.8#dns.google"
- "8.8.4.4#dns.google"
- ];
- };
- };
-
- config = mkIf cfg.enable {
- services.resolved = {
- enable = true;
- settings = {
- Resolve = {
- DNS = cfg.servers;
- FallbackDNS = cfg.fallbackServers;
- DNSSEC = true;
- DNSOverTLS = true;
- Domains = [ "~." ];
- };
- };
- };
- networking = {
- nameservers = cfg.servers;
- networkmanager.dns = lib.mkDefault "systemd-resolved";
- };
- systemd.services.systemd-resolved.environment = {
- DNS = concatStringsSep " " cfg.servers;
- FallbackDNS = concatStringsSep " " cfg.fallbackServers;
- };
- };
-
-}
diff --git a/modules/nixos/hardware/printer/default.nix b/modules/nixos/hardware/printer/default.nix
deleted file mode 100644
index 09b6da4..0000000
--- a/modules/nixos/hardware/printer/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.hardware.printer;
-in
-{
- options.nx.hardware.printer.enable = mkEnableOption "printer support";
-
- config = mkIf cfg.enable {
- services.printing = {
- enable = true;
- drivers = [ pkgs.brlaser ];
- };
- services.avahi = {
- enable = true;
- nssmdns4 = true;
- openFirewall = true;
- };
- };
-}
diff --git a/modules/nixos/hardware/wooting/default.nix b/modules/nixos/hardware/wooting/default.nix
deleted file mode 100644
index 7f6e3c6..0000000
--- a/modules/nixos/hardware/wooting/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.hardware.wooting;
-in
-{
- options.nx.hardware.wooting.enable = mkEnableOption "Wooting keyboard support";
-
- config = mkIf cfg.enable {
- services.udev.packages = [ pkgs.wooting-udev-rules ];
- environment.systemPackages = [ pkgs.wootility ];
- };
-}
diff --git a/modules/nixos/mullvad-vpn/default.nix b/modules/nixos/mullvad-vpn/default.nix
deleted file mode 100644
index 0c12d17..0000000
--- a/modules/nixos/mullvad-vpn/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.mullvad-vpn;
-in
-{
- options.nx.mullvad-vpn.enable = mkEnableOption "Mullvad VPN";
-
- config = mkIf cfg.enable {
- services.mullvad-vpn.enable = true;
- environment.systemPackages = [ pkgs.mullvad-vpn ];
- };
-}
diff --git a/modules/nixos/openssh/default.nix b/modules/nixos/openssh/default.nix
deleted file mode 100644
index a37dfec..0000000
--- a/modules/nixos/openssh/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (lib)
- mkEnableOption
- mkOption
- types
- mkIf
- ;
- cfg = config.nx.services.openssh;
-in
-{
- options.nx.services.openssh = {
- enable = mkEnableOption "OpenSSH server";
- allowedUsers = mkOption {
- type = types.listOf types.str;
- default = [ ];
- };
- };
-
- config = mkIf cfg.enable {
- services.openssh = {
- enable = true;
- settings.AllowUsers = cfg.allowedUsers;
- };
- };
-}
diff --git a/modules/nixos/plymouth/default.nix b/modules/nixos/plymouth/default.nix
deleted file mode 100644
index dd8d79a..0000000
--- a/modules/nixos/plymouth/default.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.plymouth;
-in
-{
- options.nx.plymouth.enable = mkEnableOption "Plymouth";
-
- config = mkIf cfg.enable {
- boot = {
- # Show password prompt for encrypted root
- initrd.systemd.enable = true;
- kernelParams = [ "quiet" ];
- loader.systemd-boot.consoleMode = "max";
- plymouth = {
- enable = true;
- theme = "loader_2";
- themePackages = with pkgs; [
- (adi1090x-plymouth-themes.override {
- selected_themes = [
- #"lone"
- #"red_loader"
- #"cuts_alt"
- #"abstract_ring_alt"
- "loader_2"
- #"sliced"
- #"spinner_alt"
- #"sphere"
- #"loader"
- ];
- })
- ];
- };
- };
- };
-}
diff --git a/modules/nixos/server/nextcloud/default.nix b/modules/nixos/server/nextcloud/default.nix
deleted file mode 100644
index ccaad46..0000000
--- a/modules/nixos/server/nextcloud/default.nix
+++ /dev/null
@@ -1,138 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.server.nextcloud;
-in
-{
- options.nx.server.nextcloud = {
- enable = mkEnableOption "Nextcloud server";
- };
-
- config = mkIf cfg.enable {
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud32;
- hostName = "cloud.schererleander.de";
- https = true;
- database.createLocally = true;
- maxUploadSize = "16G";
- config = {
- dbtype = "mysql";
- adminuser = "schererleander";
- adminpassFile = config.sops.secrets."nextcloud-admin-pass".path;
- };
- secrets = {
- secret = config.sops.secrets."nextcloud-secret".path;
- };
- settings = {
- maintenance_window_start = 2; # 02:00
- default_phone_region = "de";
- overwriteProtocol = "https";
- trusted_domains = [ "cloud.schererleander.de" ];
- logtimezone = config.time.timeZone;
- log_type = "file";
- # Disable mail functionality for single-user instance
- mail_smtpmode = "null";
- };
- phpOptions."opcache.interned_strings_buffer" = "64";
- };
-
- services.nginx.virtualHosts = {
- "cloud.schererleander.de" = {
- forceSSL = true;
- sslCertificate = config.sops.secrets."cert_fullchain".path;
- sslCertificateKey = config.sops.secrets."cert_private".path;
- };
- };
-
- services.borgbackup.jobs.nextcloud = {
- paths = [
- "/var/lib/nextcloud"
- "/var/lib/backup/nextcloud/db"
- ];
- repo = "$BORG_REPO";
- encryption.mode = "none";
- user = "root";
- group = "root";
- environment = {
- BORG_RSH = "ssh -i ${
- config.sops.secrets."borgbase_ssh_key".path
- } -o StrictHostKeyChecking=accept-new";
- TMPDIR = "/var/tmp";
- };
- compression = "auto,lzma";
- startAt = "daily";
- readWritePaths = [
- "/var/lib/backup"
- "/var/lib/nextcloud"
- ];
- preHook = ''
- set -euo pipefail
-
- export BORG_REPO="$(cat ${config.sops.secrets."borg_repo".path})"
-
- INSTALL="${pkgs.coreutils}/bin/install"
- FIND="${pkgs.findutils}/bin/find"
- MYSQLDUMP="${pkgs.mariadb.client}/bin/mariadb-dump"
- GZIP="${pkgs.gzip}/bin/gzip"
- OCC="${lib.getExe config.services.nextcloud.occ}"
-
- # This command requires write access to /var/lib/backup.
- $INSTALL -d -m 0750 -o root -g root /var/lib/backup/nextcloud/db
-
- trap "$OCC maintenance:mode --off >/dev/null 2>&1 || true" EXIT
-
- $OCC maintenance:mode --on
-
- # Make a consistent database dump without locking the site.
- $MYSQLDUMP --single-transaction --quick --lock-tables=false --databases nextcloud \
- | $GZIP -c > /var/lib/backup/nextcloud/db/nextcloud-$(date +%F-%H%M%S).sql.gz
-
- # Delete local dump files older than 14 days.
- $FIND /var/lib/backup/nextcloud/db -type f -name "*.sql.gz" -mtime +14 -delete || true
- '';
- postHook = ''
- set -euo pipefail
- ${lib.getExe config.services.nextcloud.occ} maintenance:mode --off || true
- '';
- };
-
- services.fail2ban = {
- enable = true;
- bantime = lib.mkDefault "1h";
- jails = {
- nextcloud = {
- enabled = true;
- settings = {
- backend = "systemd";
- journalmatch = "SYSLOG_IDENTIFIER=Nextcloud";
- # END modification to work with syslog instead of logile
- port = 443;
- protocol = "tcp";
- filter = "nextcloud";
- maxretry = 3;
- findtime = 43200;
- };
- };
- };
- };
-
- environment.etc = {
- # Adapted failregex for syslogs
- "fail2ban/filter.d/nextcloud.local".text = pkgs.lib.mkDefault (
- pkgs.lib.mkAfter ''
- [Definition]
- _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
- failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
- ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
- datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
- ''
- );
- };
- };
-}
diff --git a/modules/nixos/server/nginx/default.nix b/modules/nixos/server/nginx/default.nix
deleted file mode 100644
index d960d33..0000000
--- a/modules/nixos/server/nginx/default.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- inherit (lib)
- mkEnableOption
- mkIf
- ;
- cfg = config.nx.server.nginx;
-in
-{
- options.nx.server.nginx = {
- enable = mkEnableOption "nginx reverse proxy" // {
- default = true;
- };
- };
- config = mkIf cfg.enable {
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- appendHttpConfig = ''
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
- #add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self';" always;
- add_header 'Referrer-Policy' 'same-origin';
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- '';
- };
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
- };
-}
diff --git a/modules/nixos/server/openssh/default.nix b/modules/nixos/server/openssh/default.nix
deleted file mode 100644
index 0972e66..0000000
--- a/modules/nixos/server/openssh/default.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-
-let
- inherit (lib) mkEnableOption mkIf mkDefault;
- cfg = config.nx.server.openssh;
-in
-{
- options.nx.server.openssh = {
- enable = mkEnableOption "OpenSSH server";
- };
-
- config = mkIf cfg.enable {
- services.openssh = {
- enable = true;
- ports = [ 8693 ];
- settings = {
- PasswordAuthentication = false;
- X11Forwarding = false;
- PermitRootLogin = "yes";
- };
- };
- networking.firewall.allowedTCPPorts = [ 8693 ];
-
- services.fail2ban = {
- enable = true;
- bantime = lib.mkDefault "1h";
- jails = {
- sshd = {
- enabled = true;
- settings = {
- port = 8693;
- backend = "systemd";
- maxretry = 4;
- findtime = "10m";
- };
- };
- };
- };
- };
-}
diff --git a/modules/nixos/server/site/default.nix b/modules/nixos/server/site/default.nix
deleted file mode 100644
index c1d472b..0000000
--- a/modules/nixos/server/site/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.server.site;
-in
-{
- imports = [
- inputs.site.nixosModules.default
- ];
-
- options.nx.server.site = {
- enable = mkEnableOption "personal website";
- };
-
- config = mkIf cfg.enable {
- services.site = {
- enable = true;
- domain = "schererleander.de";
- sslCertificate = config.sops.secrets."cert_fullchain".path;
- sslCertificateKey = config.sops.secrets."cert_private".path;
- };
- };
-}
diff --git a/modules/nixos/steam/default.nix b/modules/nixos/steam/default.nix
deleted file mode 100644
index d708139..0000000
--- a/modules/nixos/steam/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.steam;
-in
-{
- options.nx.steam = {
- enable = mkEnableOption "Steam gaming platform";
- protontricks = mkEnableOption "protontricks" // {
- default = true;
- };
- gamescope = mkEnableOption "gamescope session compositor";
- };
-
- config = mkIf cfg.enable {
- programs.steam = {
- enable = true;
- protontricks.enable = cfg.protontricks;
- gamescopeSession.enable = cfg.gamescope;
- extraCompatPackages = [ pkgs.proton-ge-bin ];
- };
- };
-}
diff --git a/modules/nixos/sunshine/default.nix b/modules/nixos/sunshine/default.nix
deleted file mode 100644
index 23a4cc0..0000000
--- a/modules/nixos/sunshine/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.sunshine;
-in
-{
- options.nx.sunshine.enable = mkEnableOption "Sunshine game streaming server";
-
- config = mkIf cfg.enable {
- services.sunshine = {
- enable = true;
- autoStart = true;
- capSysAdmin = true;
- openFirewall = true;
- };
- hardware.graphics.enable = true;
- };
-}
diff --git a/modules/programs/anki.nix b/modules/programs/anki.nix
new file mode 100644
index 0000000..ca0cd0f
--- /dev/null
+++ b/modules/programs/anki.nix
@@ -0,0 +1,14 @@
+{
+ flake.modules.homeManager.anki =
+ { ... }:
+ {
+ programs.anki = {
+ enable = true;
+ #style = "native";
+ #addons = with pkgs.ankiAddons; [
+ # anki-connect
+ # review-heatmap
+ #];
+ };
+ };
+}
diff --git a/modules/programs/bash.nix b/modules/programs/bash.nix
new file mode 100644
index 0000000..6fd488d
--- /dev/null
+++ b/modules/programs/bash.nix
@@ -0,0 +1,30 @@
+{
+ flake.modules.homeManager.bash =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ home.packages = with pkgs; [
+ zoxide
+ ];
+
+ programs.bash = {
+ enable = true;
+ enableCompletion = true;
+ initExtra = ''
+ # view man pages with nvim
+ export MANPAGER="nvim +Man!"
+
+ # vim keybindings
+ set -o vi
+
+ # zoxide smarter cd command
+ eval "$(zoxide init bash)"
+ '';
+ shellAliases = {
+ ls = "ls --color=auto";
+ };
+ };
+ };
+}
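Review bot: zoxide is wired up by hand here (`home.packages` plus `eval "$(zoxide init bash)"` in `initExtra`), so the shell evaluates the output of whichever `zoxide` is first on PATH at start-up rather than the store path. home-manager's own module covers both steps: `programs.zoxide = { enable = true; enableBashIntegration = true; };`, after which the `home.packages` entry and the eval line can go. `MANPAGER="nvim +Man!"` assumes another module installs nvim; a comment naming it would help.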
diff --git a/modules/programs/firefox.nix b/modules/programs/firefox.nix
new file mode 100644
index 0000000..bf89c29
--- /dev/null
+++ b/modules/programs/firefox.nix
@@ -0,0 +1,140 @@
+{
+ flake.modules.nixos.firefox =
+ { pkgs, ... }:
+ {
+ programs.firefox = {
+ enable = true;
+ package = pkgs.firefox;
+ };
+ };
+
+ flake.modules.homeManager.firefox =
+ {
+ pkgs,
+ inputs,
+ ...
+ }:
+ {
+ programs.firefox = {
+ enable = true;
+ profiles.default = {
+ extensions = {
+ packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
+ ublock-origin
+ istilldontcareaboutcookies
+ ];
+
+ force = true;
+ settings."uBlock0@raymondhill.net".settings = {
+ UserMessaging = {
+ cloudStorageEnabled = false;
+ contextMenuEnabled = false;
+ };
+ # Block annoying login with google banner
+ userFilters = ''
+ ||accounts.google.com/gsi/*
+ '';
+ };
+ };
+
+ search = {
+ default = "DuckDuckGo";
+ engines = {
+ nix-packages = {
+ name = "Nix Packages";
+ urls = [
+ {
+ template = "https://search.nixos.org/packages";
+ params = [
+ {
+ name = "type";
+ value = "packages";
+ }
+ {
+ name = "query";
+ value = "{searchTerms}";
+ }
+ ];
+ }
+ ];
+
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@np" ];
+ };
+
+ nixos-wiki = {
+ name = "NixOS Wiki";
+ urls = [ { template = "https://wiki.nixos.org/w/index.php?search={searchTerms}"; } ];
+ iconMapObj."16" = "https://wiki.nixos.org/favicon.ico";
+ definedAliases = [ "@nw" ];
+ };
+
+ bing.metaData.hidden = true;
+ google.metaData.alias = "@g";
+ };
+ force = true;
+ };
+
+ policies = {
+ DisableTelemetry = true;
+ DisableFirefoxStudies = true;
+ PasswordManagerEnabled = false;
+ OfferToSaveLogins = false;
+ DisplayBookmarksToolbar = "never";
+ NoDefaultBookmarks = true;
+
+ Homepage = {
+ URL = "about:blank";
+ Locked = true;
+ StartPage = "homepage";
+ };
+
+ NewTabPage = false;
+
+ EnableTrackingProtection = {
+ Value = true;
+ Locked = true;
+ Cryptomining = true;
+ Fingerprinting = true;
+ };
+
+ EncryptedMediaExtensions = {
+ Enabled = true;
+ Locked = true;
+ };
+
+ FirefoxHome = {
+ Search = true;
+ TopSites = true;
+ SponsoredTopSites = false;
+ Highlights = true;
+ Locked = true;
+ };
+
+ UserMessaging = {
+ ExtensionRecommendations = false;
+ FeatureRecommendations = false;
+ Locked = true;
+ MoreFromMozilla = false;
+ SkipOnboarding = true;
+ UrlbarInterventions = false;
+ };
+
+ Preferences = {
+ # Disable fullscreen notification
+ "full-screen-api.warning.timeout" = "0";
+
+ # Disable annoying translation popup
+ "browser.translations.automaticallyPopup" = false;
+
+ # Enable all extensions automatically
+ "extensions.autoDisableScopes" = 0;
+
+ # Hide ctr-tab tab preview menu
+ "browser.ctrlTab.sortByRecentlyUsed" = false;
+ };
+ };
+ };
+ };
+ };
+}
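Review bot: `policies` is nested inside `profiles.default`, which only closes two lines before the end of `programs.firefox`. As far as I know home-manager defines it only as `programs.firefox.policies`, because enterprise policies apply to the whole installation and not to one profile. If so, this block either fails evaluation or is never applied, and it should move up one level, next to `profiles`. Within it, `"extensions.autoDisableScopes" = 0` turns off Firefox's default of disabling add-ons that arrive from outside the profile, so anything dropped into a system or application scope is enabled without a prompt. The comment should record that this is accepted, e.g. `# 0 = never auto-disable sideloaded add-ons; needed so the Nix-installed extensions start enabled`.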
diff --git a/modules/programs/git.nix b/modules/programs/git.nix
new file mode 100644
index 0000000..a8a2e88
--- /dev/null
+++ b/modules/programs/git.nix
@@ -0,0 +1,48 @@
+{
+ flake.modules.nixos.git =
+ { pkgs, ... }:
+ {
+ programs.git = {
+ enable = true;
+ package = pkgs.git;
+ };
+ };
+
+ flake.modules.homeManager.git =
+ { ... }:
+ {
+ programs.git = {
+ enable = true;
+
+ signing = {
+ key = "A3502B180BC1D41A";
+ signByDefault = true;
+ };
+
+ ignores = [
+ "*~"
+ ".DS_Store"
+ ".direnv"
+ ".envrc"
+ ];
+
+ settings = {
+ user.name = "Leander Scherer";
+ user.email = "leander@schererleander.de";
+ help.autocorrect = 20;
+ alias = {
+ st = "status";
+ co = "checkout";
+ br = "branch";
+ };
+ pull.rebase = true;
+ gpg.format = "openpgp";
+ url."git@github.com:".insteadOf = "https://github.com";
+ };
+ };
+ programs.diff-highlight = {
+ enable = true;
+ enableGitIntegration = true;
+ };
+ };
+}
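Review bot: `url."git@github.com:".insteadOf = "https://github.com"` matches by prefix and has no trailing slash. It therefore also rewrites any URL that merely starts with that string (for example a host like `github.com.example.org`, a constructed name) and turns `https://github.com/o/r` into `git@github.com:/o/r`. Use `url."git@github.com:".insteadOf = "https://github.com/";`. Also, `help.autocorrect = 20` runs git's guess for a mistyped command after two seconds without asking; `help.autocorrect = "prompt";` keeps the convenience but asks first.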
diff --git a/modules/programs/jellyfin-mpv-shim.nix b/modules/programs/jellyfin-mpv-shim.nix
new file mode 100644
index 0000000..1844296
--- /dev/null
+++ b/modules/programs/jellyfin-mpv-shim.nix
@@ -0,0 +1,37 @@
+{
+ flake.modules.homeManager.jellyfin-mpv-shim =
+ {
+ lib,
+ ...
+ }:
+ let
+ inherit (lib) optionalAttrs;
+ in
+ {
+ systemd.user.services.jellyfin-mpv-shim.Service.Environment = [
+ "ENABLE_HDR_WSI=1"
+ ];
+
+ services.jellyfin-mpv-shim = {
+ enable = true;
+ settings = {
+ player_name = "mpv-shim";
+ allow_transcode_to_h256 = true;
+ };
+ mpvConfig = {
+ vo = "gpu-next";
+ gpu-api = "vulkan";
+ target-colorspace-hint = "yes";
+ target-peak = 500;
+ }
+ // (optionalAttrs false {
+ target-trc = "pq";
+ target-prim = "bt.2020";
+ #target-peak = 406;
+ #tone-mapping = "spline";
+ #tone-mapping-mode = "rgb";
+ inverse-tone-mapping = "yes";
+ });
+ };
+ };
+}
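Review bot: `allow_transcode_to_h256` looks like a typo for `allow_transcode_to_h265` (HEVC). I believe the shim only knows the latter spelling, so the setting is probably ignored as written. The `// (optionalAttrs false { … })` block can never be merged in. Either remove it together with the `lib` argument and the `let`, or replace the literal `false` with a named switch and a comment stating when the HDR overrides should apply.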
diff --git a/modules/programs/latex.nix b/modules/programs/latex.nix
new file mode 100644
index 0000000..24654c3
--- /dev/null
+++ b/modules/programs/latex.nix
@@ -0,0 +1,33 @@
+{
+ flake.modules.homeManager.latex =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ programs.texlive = {
+ enable = true;
+ # See https://mynixos.com/search?q=texlivepackages.collection for more collections
+ # and https://mynixos.com/search?q=texlivepackages for more individual packages.
+ extraPackages = tpkgs: {
+ inherit (tpkgs)
+ collection-basic
+ collection-latex
+ collection-latexrecommended
+ biblatex
+ ;
+ };
+ };
+
+ home.packages = with pkgs; [
+ biber
+ ];
+
+ programs.pandoc = {
+ enable = true;
+ defaults = {
+ pdf-engine = "pdfetex";
+ };
+ };
+ };
+}
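Review bot: `pdf-engine = "pdfetex"` in `programs.pandoc.defaults` does not look like one of the engine names pandoc accepts for PDF output (pdflatex, xelatex, lualatex, tectonic, …). PDF conversion would presumably fail at run time rather than at build time. If a pdfTeX-based engine is intended, `pdf-engine = "pdflatex";` is the usual spelling.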
diff --git a/modules/programs/mpv.nix b/modules/programs/mpv.nix
new file mode 100644
index 0000000..8787bbd
--- /dev/null
+++ b/modules/programs/mpv.nix
@@ -0,0 +1,48 @@
+{
+ flake.modules.homeManager.mpv =
+ { ... }:
+ {
+ programs.mpv = {
+ enable = true;
+ config = {
+ vo = "gpu-next";
+ gpu-api = "vulkan";
+ target-peak = 500;
+ target-colorspace-hint = "yes";
+ };
+ profiles = {
+ # Dolby Vision profile
+ "DOVI" = {
+ profile-restore = "copy";
+ profile-cond = "p[\"video-dec-params/gamma\"] == \"auto\"";
+ target-trc = "pq";
+ target-prim = "bt.2020";
+ target-peak = 500;
+ tone-mapping-mode = "auto";
+ };
+
+ # SDR look while in HDR
+ "SDR" = {
+ profile-restore = "copy";
+ target-trc = "pq";
+ target-prim = "bt.2020";
+ target-peak = 207;
+ tone-mapping = "bt.2390";
+ tone-mapping-mode = "rgb";
+ inverse-tone-mapping = "yes";
+ };
+
+ # SDR to HDR inverse tone mapping
+ "SDR_HDR_EFFECT" = {
+ profile-restore = "copy";
+ target-trc = "pq";
+ target-prim = "bt.2020";
+ target-peak = 406;
+ tone-mapping = "spline";
+ tone-mapping-mode = "rgb";
+ inverse-tone-mapping = "yes";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/programs/neovim/default.nix b/modules/programs/neovim/default.nix
new file mode 100644
index 0000000..e61f01b
--- /dev/null
+++ b/modules/programs/neovim/default.nix
@@ -0,0 +1,48 @@
+{
+ flake.modules.homeManager.neovim =
+ { pkgs, ... }:
+ {
+ programs.neovim = {
+ defaultEditor = true;
+ enable = true;
+ package = pkgs.neovim-unwrapped;
+ extraPackages = with pkgs; [
+ tree-sitter
+ git
+ ripgrep
+ fd
+ gcc
+ gopls
+ nil
+ nixfmt
+ lua-language-server
+ texlab
+ tinymist
+ ];
+
+ plugins = with pkgs.vimPlugins; [
+ gruvbox-nvim
+ mini-starter
+ gitsigns-nvim
+ nvim-autopairs
+ telescope-nvim
+ fidget-nvim
+ plenary-nvim
+ nvim-treesitter.withAllGrammars
+ nvim-lspconfig
+ nvim-cmp
+ cmp-nvim-lsp
+ cmp-buffer
+ cmp-path
+ cmp-cmdline
+ luasnip
+ cmp_luasnip
+ lspkind-nvim
+ ];
+
+ extraConfig = ''
+ luafile ${./init.lua}
+ '';
+ };
+ };
+}
diff --git a/modules/home/editors/neovim/init.lua b/modules/programs/neovim/init.lua
index 141eb3c..2927d23 100644
--- a/modules/home/editors/neovim/init.lua
+++ b/modules/programs/neovim/init.lua
@@ -20,7 +20,6 @@ map('n', '<leader>o', '<CMD>update<BAR>source %<CR>', { desc = 'Save & reload in
map('n', '<leader>w', '<CMD>write<CR>')
map('n', '<leader>q', '<CMD>quit<CR>')
-
require("mini.starter").setup({
header = table.concat({
" /l、 ",
diff --git a/modules/programs/nixcord.nix b/modules/programs/nixcord.nix
new file mode 100644
index 0000000..9d3360b
--- /dev/null
+++ b/modules/programs/nixcord.nix
@@ -0,0 +1,28 @@
+{
+ flake.modules.homeManager.nixcord =
+ {
+ inputs,
+ ...
+ }:
+ {
+ imports = [
+ inputs.nixcord.homeModules.nixcord
+ ];
+
+ programs.nixcord = {
+ enable = true;
+ config = {
+ themeLinks = [
+ "https://refact0r.github.io/system24/theme/system24.theme.css"
+ ];
+ frameless = true;
+ plugins = {
+ alwaysAnimate.enable = false;
+ imageLink.enable = true;
+ imageZoom.enable = true;
+ translate.enable = true;
+ };
+ };
+ };
+ };
+}
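Review bot: `themeLinks` has the client load a stylesheet from a third-party URL at run time, which makes it the one input in this module that is neither pinned nor hashed. Whoever controls that URL can change what is rendered in the client, and CSS can trigger outbound requests through `url()` and `@import`. Vendoring the stylesheet into the repository, or fetching it at a fixed hash and loading it as a local theme, would put it under the same pinning and review as the rest of the flake. At minimum, a comment on the line should record that the theme is remote and unpinned.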
diff --git a/modules/programs/obsidian.nix b/modules/programs/obsidian.nix
new file mode 100644
index 0000000..873a51a
--- /dev/null
+++ b/modules/programs/obsidian.nix
@@ -0,0 +1,9 @@
+{
+ flake.modules.homeManager.obsidian =
+ { ... }:
+ {
+ programs.obsidian = {
+ enable = true;
+ };
+ };
+}
diff --git a/modules/programs/opencode.nix b/modules/programs/opencode.nix
new file mode 100644
index 0000000..266562f
--- /dev/null
+++ b/modules/programs/opencode.nix
@@ -0,0 +1,14 @@
+{
+ flake.modules.homeManager.opencode =
+ { ... }:
+ {
+ programs.opencode = {
+ enable = true;
+ settings = {
+ theme = "system";
+ share = "disabled";
+ autoupdate = false;
+ };
+ };
+ };
+}
diff --git a/modules/programs/spicetify.nix b/modules/programs/spicetify.nix
new file mode 100644
index 0000000..4a7e003
--- /dev/null
+++ b/modules/programs/spicetify.nix
@@ -0,0 +1,34 @@
+{
+ flake.modules.homeManager.spicetify =
+ {
+ pkgs,
+ inputs,
+ ...
+ }:
+ let
+ spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system};
+ in
+ {
+ imports = [
+ inputs.spicetify-nix.homeManagerModules.spicetify
+ ];
+
+ programs.spicetify = {
+ enable = true;
+ enabledSnippets = with spicePkgs.snippets; [
+ pointer
+ sonicDancing
+ modernScrollbar
+ nyanCatProgressBar
+ declutterNowPlayingBar
+ ];
+
+ enabledExtensions = with spicePkgs.extensions; [
+ keyboardShortcut
+ ];
+
+ theme = spicePkgs.themes.sleek;
+ colorScheme = "Coral";
+ };
+ };
+}
diff --git a/modules/programs/steam.nix b/modules/programs/steam.nix
new file mode 100644
index 0000000..311a5b3
--- /dev/null
+++ b/modules/programs/steam.nix
@@ -0,0 +1,15 @@
+{
+ flake.modules.nixos.steam =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ programs.steam = {
+ enable = true;
+ protontricks.enable = true;
+ gamescopeSession.enable = true;
+ extraCompatPackages = [ pkgs.proton-ge-bin ];
+ };
+ };
+}
diff --git a/modules/programs/vscode.nix b/modules/programs/vscode.nix
new file mode 100644
index 0000000..c10fa6b
--- /dev/null
+++ b/modules/programs/vscode.nix
@@ -0,0 +1,63 @@
+{
+ flake.modules.homeManager.vscode =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ let
+ inherit (lib) optionals;
+ in
+ {
+ programs.vscode = {
+ enable = true;
+ package = pkgs.vscode;
+ mutableExtensionsDir = false;
+ profiles.default = {
+ enableUpdateCheck = true;
+ enableExtensionUpdateCheck = true;
+
+ userSettings = {
+ "update.mode" = "none";
+ "workbench.colorTheme" = "Minimal";
+ "editor.fontFamily" = "monospace";
+ "editor.tabSize" = 2;
+ "editor.minimap.enabled" = false;
+ "terminal.integrated.cursorStyle" = "underline";
+ "terminal.integrated.cursorStyleInactive" = "underline";
+ "terminal.integrated.fontFamily" = "monospace";
+ "terminal.integrated.fontSize" = 13;
+ "git.autofetch" = true;
+ "window.controlsStyle" = "custom";
+ };
+
+ extensions =
+ with pkgs.vscode-extensions;
+ [
+ github.copilot
+ adpyke.codesnap
+ esbenp.prettier-vscode
+ ]
+ ++ (optionals false [ ms-vscode.cmake-tools ])
+ ++ (optionals false [ ms-azuretools.vscode-docker ])
+ ++ (optionals false [ ms-python.python ])
+ ++ (optionals false [ golang.go ])
+ ++ (optionals false [ rust-lang.rust-analyzer ])
+ ++ (optionals false [ vscjava.vscode-maven ])
+ ++ (optionals false [ sumneko.lua ])
+ ++ (optionals false [ bradlc.vscode-tailwindcss ])
+ ++ (optionals true (
+ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
+ {
+ name = "minimalist-dark";
+ publisher = "nichabosh";
+ version = "1.0.0";
+ sha256 = "sha256-lw+Scfada6DycLdRT2Cz+Fd12JucglIrw3uRd2ZhabQ=";
+ }
+ ]
+ ));
+ };
+ };
+ };
+}
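Review bot: `enableUpdateCheck = true` and `enableExtensionUpdateCheck = true` contradict the rest of the profile. `userSettings` sets `"update.mode" = "none"`, `mutableExtensionsDir = false` makes the extension set immutable, and the package comes from the Nix store, so neither check can lead to an update. Setting both to `false` states the intent and stops the editor from polling for updates it cannot apply. The `config` argument is unused, and the chain of `optionals false [ … ]` entries is dead code that could be dropped or kept as commented entries.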
diff --git a/modules/programs/zed.nix b/modules/programs/zed.nix
new file mode 100644
index 0000000..0bee73e
--- /dev/null
+++ b/modules/programs/zed.nix
@@ -0,0 +1,40 @@
+{
+ flake.modules.homeManager.zed =
+ { ... }:
+ {
+ programs.zed-editor = {
+ enable = true;
+ extensions = [ "nix" ];
+ userSettings = {
+ telemetry = {
+ metrics = false;
+ };
+ title_bar = {
+ show_onboarding_banner = false;
+ show_project_items = false;
+ show_branch_name = false;
+ show_user_menu = false;
+ };
+ tab_bar.show = false;
+ toolbar.quick_actions = false;
+ status_bar."experimental.show" = false;
+ project_panel = {
+ dock = "right";
+ default_width = 400;
+ hide_root = true;
+ auto_fold_dirs = false;
+ starts_open = false;
+ git_status = false;
+ sticky_scroll = false;
+ scrollbar.show = "never";
+ indent_guides.show = "never";
+ };
+ outline_panel = {
+ default_width = 300;
+ indent_guides.show = "never";
+ };
+ file_finder.modal_max_width = "large";
+ };
+ };
+ };
+}
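Review bot: The `telemetry` block turns off `metrics` only. Zed has a separate `diagnostics` switch for crash and error reports, and it stays at its default here. If the intent is to send nothing, add `diagnostics = false;` next to `metrics = false;`.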
diff --git a/modules/programs/zsh.nix b/modules/programs/zsh.nix
new file mode 100644
index 0000000..c36c462
--- /dev/null
+++ b/modules/programs/zsh.nix
@@ -0,0 +1,62 @@
+{
+ flake.modules.homeManager.zsh =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ home.packages = with pkgs; [
+ zoxide
+ ];
+
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ autosuggestion.enable = true;
+ syntaxHighlighting.enable = true;
+ initContent = ''
+ # view man pages with nvim
+ export MANPAGER="nvim +Man!"
+
+ # Directory completion with trailing slash
+ zstyle ':completion:*' list-dirs-first true
+ zstyle ':completion:*' special-dirs true
+ zstyle ':completion:*' squeeze-slashes true
+ zstyle ':completion:*' add-space false
+
+ # Case-insensitive completion
+ zstyle ':completion:*' matcher-list 'm:{a-z}={A-Z}'
+ # vim keybindings
+ bindkey -v
+
+ # Auto cd - type directory name to cd into it
+ setopt AUTO_CD
+
+ # Complete .. to ../ for directory navigation
+ setopt AUTO_PARAM_SLASH
+
+ # zoxide smarter cmd command
+ eval "$(zoxide init zsh)"
+ '';
+ shellAliases = {
+ ls = "ls --color=auto";
+ };
+
+ zplug = {
+ enable = true;
+ plugins = [
+ { name = "mafredri/zsh-async"; }
+ {
+ name = "sindresorhus/pure";
+ tags = [
+ "as:theme"
+ "use:pure.zsh"
+ ];
+ }
+ { name = "zdharma-continuum/fast-syntax-highlighting"; }
+ { name = "zsh-users/zsh-autosuggestions"; }
+ ];
+ };
+ };
+ };
+}
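Review bot: The `zplug.plugins` list has zplug clone four GitHub repositories at whatever their default branch currently holds and source them into every interactive shell. That makes it the one part of the shell setup not pinned by the flake lock. Two entries also duplicate what the module already enables: `zsh-users/zsh-autosuggestions` repeats `autosuggestion.enable = true`, and `zdharma-continuum/fast-syntax-highlighting` is loaded on top of `syntaxHighlighting.enable = true`. Dropping those two and moving the remaining plugins to `programs.zsh.plugins`, with a `src` fetched at a fixed revision and hash, would make the shell reproducible and reviewable like the rest of the configuration.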
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
deleted file mode 100644
index 966cdc8..0000000
--- a/modules/secrets/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ inputs, ... }:
-{
- imports = [ inputs.sops-nix.nixosModules.sops ];
- sops = {
- defaultSopsFile = inputs.self + /secrets/secrets.yaml;
- age.keyFile = "/etc/sops/age_key";
- secrets = {
- "borgbase_ssh_key" = {
- owner = "root";
- mode = "0600";
- };
- "nextcloud-secret" = {
- owner = "nextcloud";
- group = "nextcloud";
- mode = "0400";
- };
- "nextcloud-admin-pass" = {
- owner = "root";
- mode = "0600";
- };
- "ssh_github_key" = {
- owner = "administrator";
- mode = "0600";
- };
- "ssh_jonsbo_key" = {
- owner = "administrator";
- mode = "0600";
- };
- "ssh_sachiel_key" = {
- owner = "administrator";
- mode = "0600";
- };
- "borg_repo" = {
- owner = "root";
- mode = "0600";
- };
- "cert_fullchain" = {
- owner = "nginx";
- group = "nginx";
- };
- "cert_private" = {
- owner = "nginx";
- group = "nginx";
- };
- };
- };
-}
diff --git a/modules/services/dns.nix b/modules/services/dns.nix
new file mode 100644
index 0000000..1917bf0
--- /dev/null
+++ b/modules/services/dns.nix
@@ -0,0 +1,34 @@
+{
+ flake.modules.nixos.dns =
+ { lib, ... }:
+ let
+ servers = [
+ "1.1.1.1#cloudflare-dns.com"
+ "1.0.0.1#cloudflare-dns.com"
+ "9.9.9.9#dns.quad9.net"
+ "149.112.112.112#dns.quad9.net"
+ ];
+ fallbackServers = [
+ "8.8.8.8#dns.google"
+ "8.8.4.4#dns.google"
+ ];
+ in
+ {
+ services.resolved = {
+ enable = true;
+ settings = {
+ Resolve = {
+ DNS = servers;
+ FallbackDNS = fallbackServers;
+ DNSSEC = true;
+ DNSOverTLS = true;
+ Domains = [ "~." ];
+ };
+ };
+ };
+ networking = {
+ nameservers = servers;
+ networkmanager.dns = lib.mkDefault "systemd-resolved";
+ };
+ };
+}
diff --git a/modules/services/gpg.nix b/modules/services/gpg.nix
new file mode 100644
index 0000000..6b1f2a8
--- /dev/null
+++ b/modules/services/gpg.nix
@@ -0,0 +1,17 @@
+{
+ flake.modules.homeManager.gpg =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ programs.gpg = {
+ enable = true;
+ };
+
+ services.gpg-agent = {
+ enable = true;
+ pinentry.package = if pkgs.stdenv.isDarwin then pkgs.pinentry_mac else pkgs.pinentry-curses;
+ };
+ };
+}
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
new file mode 100644
index 0000000..1c6e656
--- /dev/null
+++ b/modules/services/nextcloud.nix
@@ -0,0 +1,131 @@
+{
+ flake.modules.nixos.nextcloud =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud32;
+ hostName = "cloud.schererleander.de";
+ https = true;
+ database.createLocally = true;
+ maxUploadSize = "16G";
+ config = {
+ dbtype = "mysql";
+ adminuser = "schererleander";
+ adminpassFile = config.sops.secrets."nextcloud-admin-pass".path;
+ };
+ secrets = {
+ secret = config.sops.secrets."nextcloud-secret".path;
+ };
+ settings = {
+ maintenance_window_start = 2; # 02:00
+ default_phone_region = "de";
+ overwriteProtocol = "https";
+ trusted_domains = [ "cloud.schererleander.de" ];
+ logtimezone = config.time.timeZone;
+ log_type = "file";
+ # Disable mail functionality for single-user instance
+ mail_smtpmode = "null";
+ };
+ phpOptions."opcache.interned_strings_buffer" = "64";
+ };
+
+ services.nginx.virtualHosts = {
+ "cloud.schererleander.de" = {
+ forceSSL = true;
+ sslCertificate = config.sops.secrets."cert_fullchain".path;
+ sslCertificateKey = config.sops.secrets."cert_private".path;
+ };
+ };
+
+ services.borgbackup.jobs.nextcloud = {
+ paths = [
+ "/var/lib/nextcloud"
+ "/var/lib/backup/nextcloud/db"
+ ];
+ repo = "$BORG_REPO";
+ encryption.mode = "none";
+ user = "root";
+ group = "root";
+ environment = {
+ BORG_RSH = "ssh -i ${
+ config.sops.secrets."borgbase_ssh_key".path
+ } -o StrictHostKeyChecking=accept-new";
+ TMPDIR = "/var/tmp";
+ };
+ compression = "auto,lzma";
+ startAt = "daily";
+ readWritePaths = [
+ "/var/lib/backup"
+ "/var/lib/nextcloud"
+ ];
+ preHook = ''
+ set -euo pipefail
+
+ export BORG_REPO="$(cat ${config.sops.secrets."borg_repo".path})"
+
+ INSTALL="${pkgs.coreutils}/bin/install"
+ FIND="${pkgs.findutils}/bin/find"
+ MYSQLDUMP="${pkgs.mariadb.client}/bin/mariadb-dump"
+ GZIP="${pkgs.gzip}/bin/gzip"
+ OCC="${lib.getExe config.services.nextcloud.occ}"
+
+ # This command requires write access to /var/lib/backup.
+ $INSTALL -d -m 0750 -o root -g root /var/lib/backup/nextcloud/db
+
+ trap "$OCC maintenance:mode --off >/dev/null 2>&1 || true" EXIT
+
+ $OCC maintenance:mode --on
+
+ # Make a consistent database dump without locking the site.
+ $MYSQLDUMP --single-transaction --quick --lock-tables=false --databases nextcloud \
+ | $GZIP -c > /var/lib/backup/nextcloud/db/nextcloud-$(date +%F-%H%M%S).sql.gz
+
+ # Delete local dump files older than 14 days.
+ $FIND /var/lib/backup/nextcloud/db -type f -name "*.sql.gz" -mtime +14 -delete || true
+ '';
+ postHook = ''
+ set -euo pipefail
+ ${lib.getExe config.services.nextcloud.occ} maintenance:mode --off || true
+ '';
+ };
+
+ services.fail2ban = {
+ enable = true;
+ bantime = lib.mkDefault "1h";
+ jails = {
+ nextcloud = {
+ enabled = true;
+ settings = {
+ backend = "systemd";
+ journalmatch = "SYSLOG_IDENTIFIER=Nextcloud";
+ # END modification to work with syslog instead of logile
+ port = 443;
+ protocol = "tcp";
+ filter = "nextcloud";
+ maxretry = 3;
+ findtime = 43200;
+ };
+ };
+ };
+ };
+
+ environment.etc = {
+ # Adapted failregex for syslogs
+ "fail2ban/filter.d/nextcloud.local".text = pkgs.lib.mkDefault (
+ pkgs.lib.mkAfter ''
+ [Definition]
+ _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+ failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+ ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
+ datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
+ ''
+ );
+ };
+ };
+}
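Review bot: `encryption.mode = "none"` in `services.borgbackup.jobs.nextcloud` sends the full Nextcloud data directory and the database dumps to the remote repository unencrypted, so their confidentiality depends entirely on the storage host. A client-side mode with the passphrase held in sops would close that: `encryption.mode = "repokey-blake2";` and `encryption.passCommand = "cat ${config.sops.secrets."<borg-passphrase-secret>".path}";`. The secret name is a placeholder, and because the mode of an existing repository cannot be changed, this needs a fresh repository. The fail2ban jail also looks like it never sees events: it reads the journal with `journalmatch = "SYSLOG_IDENTIFIER=Nextcloud"` while `settings.log_type = "file"` makes Nextcloud write to its own log file, so either set `log_type = "syslog";` or point the jail at the file. `StrictHostKeyChecking=accept-new` in `BORG_RSH` trusts whichever host key is presented on first contact; pinning the repository host key in `programs.ssh.knownHosts` removes that window.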
diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix
new file mode 100644
index 0000000..6ad4c0f
--- /dev/null
+++ b/modules/services/nginx.nix
@@ -0,0 +1,27 @@
+{
+ flake.modules.nixos.nginx =
+ { ... }:
+ {
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ appendHttpConfig = ''
+ map $scheme $hsts_header {
+ https "max-age=31536000; includeSubdomains; preload";
+ }
+ add_header Strict-Transport-Security $hsts_header;
+ #add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self';" always;
+ add_header 'Referrer-Policy' 'same-origin';
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ '';
+ };
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+ };
+}
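Review bot: The security headers in `appendHttpConfig` are declared at `http` level, and nginx inherits `add_header` from an outer level only when the inner `server` or `location` block defines no `add_header` of its own. Any virtual host that adds a header silently loses all four, and the Nextcloud module's generated locations very likely do. None of the directives carries `always`, so the headers are also missing from error responses; for example `add_header Strict-Transport-Security $hsts_header always;`. Check the response headers on each virtual host after deployment and repeat the headers per vhost where inheritance is broken. `preload` together with `includeSubdomains` commits every subdomain to HTTPS for a year, which deserves a comment confirming that this is intended.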
diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix
new file mode 100644
index 0000000..68d1511
--- /dev/null
+++ b/modules/services/openssh.nix
@@ -0,0 +1,35 @@
+{
+ flake.modules.nixos.openssh =
+ {
+ lib,
+ ...
+ }:
+ {
+ services.openssh = {
+ enable = true;
+ ports = [ 8693 ];
+ settings = {
+ PasswordAuthentication = false;
+ X11Forwarding = false;
+ PermitRootLogin = "yes";
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 8693 ];
+
+ services.fail2ban = {
+ enable = true;
+ bantime = lib.mkDefault "1h";
+ jails = {
+ sshd = {
+ enabled = true;
+ settings = {
+ port = 8693;
+ backend = "systemd";
+ maxretry = 4;
+ findtime = "10m";
+ };
+ };
+ };
+ };
+ };
+}
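Review bot: `PermitRootLogin = "yes"` leaves direct root login enabled on a port that the firewall opens. With `PasswordAuthentication = false` it is limited to keys, but a single compromised key then yields root with no per-user audit trail. Since the secrets module assigns keys to an `administrator` account, `PermitRootLogin = "no";` is the safer setting, or `"prohibit-password"` if root deploys are required. Adding `KbdInteractiveAuthentication = false;` closes the remaining non-key path, because `PasswordAuthentication` does not cover keyboard-interactive authentication.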
diff --git a/modules/services/site.nix b/modules/services/site.nix
new file mode 100644
index 0000000..d863dbc
--- /dev/null
+++ b/modules/services/site.nix
@@ -0,0 +1,20 @@
+{
+ flake.modules.nixos.site =
+ {
+ config,
+ inputs,
+ ...
+ }:
+ {
+ imports = [
+ inputs.site.nixosModules.default
+ ];
+
+ services.site = {
+ enable = true;
+ domain = "schererleander.de";
+ sslCertificate = config.sops.secrets."cert_fullchain".path;
+ sslCertificateKey = config.sops.secrets."cert_private".path;
+ };
+ };
+}
diff --git a/modules/services/sunshine.nix b/modules/services/sunshine.nix
new file mode 100644
index 0000000..69496f2
--- /dev/null
+++ b/modules/services/sunshine.nix
@@ -0,0 +1,13 @@
+{
+ flake.modules.nixos.sunshine =
+ { ... }:
+ {
+ services.sunshine = {
+ enable = true;
+ autoStart = true;
+ capSysAdmin = true;
+ openFirewall = true;
+ };
+ hardware.graphics.enable = true;
+ };
+}
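Review bot: `openFirewall = true` exposes the ports of a service that is granted `CAP_SYS_ADMIN` (`capSysAdmin = true`) on every interface of the host. If the machine is only streamed to from the local network, opening the ports per interface through `networking.firewall.interfaces.<lan-interface>` instead of the module-wide switch keeps the service off untrusted networks. A comment next to `capSysAdmin` recording why the capability is needed (presumably for screen capture) would help the next reviewer judge whether it can be dropped.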
diff --git a/modules/nixos/hardware/audio/default.nix b/modules/system/audio.nix
index 66c9606..4dd829b 100644
--- a/modules/nixos/hardware/audio/default.nix
+++ b/modules/system/audio.nix
@@ -1,12 +1,5 @@
-{ config, lib, ... }:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.hardware.audio;
-in
{
- options.nx.hardware.audio.enable = mkEnableOption "PipeWire audio";
-
- config = mkIf cfg.enable {
+ flake.modules.nixos.audio = {
security.rtkit.enable = true;
services.pipewire = {
enable = true;
diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/system/bluetooth.nix
index 1bb9014..2935b7d 100644
--- a/modules/nixos/hardware/bluetooth/default.nix
+++ b/modules/system/bluetooth.nix
@@ -1,12 +1,5 @@
-{ config, lib, ... }:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.hardware.bluetooth;
-in
{
- options.nx.hardware.bluetooth.enable = mkEnableOption "Bluetooth support";
-
- config = mkIf cfg.enable {
+ flake.modules.nixos.bluetooth = {
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
diff --git a/modules/system/kde.nix b/modules/system/kde.nix
new file mode 100644
index 0000000..f5b396b
--- /dev/null
+++ b/modules/system/kde.nix
@@ -0,0 +1,17 @@
+{
+ flake.modules.nixos.kde =
+ { pkgs, ... }:
+ {
+ services.displayManager.sddm = {
+ enable = true;
+ wayland.enable = true;
+ };
+ services.desktopManager.plasma6.enable = true;
+ security.pam.services.sddm.enableKwallet = true;
+ environment.plasma6.excludePackages = with pkgs.kdePackages; [
+ elisa
+ kate
+ ];
+ environment.systemPackages = with pkgs.kdePackages; [ kcalc ];
+ };
+}
diff --git a/modules/system/mullvad-vpn.nix b/modules/system/mullvad-vpn.nix
new file mode 100644
index 0000000..ac17615
--- /dev/null
+++ b/modules/system/mullvad-vpn.nix
@@ -0,0 +1,11 @@
+{
+ flake.modules.nixos.mullvad-vpn =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ services.mullvad-vpn.enable = true;
+ environment.systemPackages = [ pkgs.mullvad-vpn ];
+ };
+}
diff --git a/modules/system/plymouth.nix b/modules/system/plymouth.nix
new file mode 100644
index 0000000..17ccddc
--- /dev/null
+++ b/modules/system/plymouth.nix
@@ -0,0 +1,31 @@
+{
+ flake.modules.nixos.plymouth =
+ { lib, pkgs, ... }:
+ {
+ boot = {
+ # Show password prompt for encrypted root
+ initrd.systemd.enable = true;
+ kernelParams = [ "quiet" ];
+ loader.systemd-boot.consoleMode = "max";
+ plymouth = {
+ enable = true;
+ theme = "loader_2";
+ themePackages = with pkgs; [
+ (adi1090x-plymouth-themes.override {
+ selected_themes = [
+ #"lone"
+ #"red_loader"
+ #"cuts_alt"
+ #"abstract_ring_alt"
+ "loader_2"
+ #"sliced"
+ #"spinner_alt"
+ #"sphere"
+ #"loader"
+ ];
+ })
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/system/printer.nix b/modules/system/printer.nix
new file mode 100644
index 0000000..382fc1a
--- /dev/null
+++ b/modules/system/printer.nix
@@ -0,0 +1,15 @@
+{
+ flake.modules.nixos.printer =
+ { pkgs, ... }:
+ {
+ services.printing = {
+ enable = true;
+ drivers = [ pkgs.brlaser ];
+ };
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ };
+}
diff --git a/modules/system/secrets.nix b/modules/system/secrets.nix
new file mode 100644
index 0000000..e59c7da
--- /dev/null
+++ b/modules/system/secrets.nix
@@ -0,0 +1,50 @@
+{
+ flake.modules.nixos.secrets =
+ { inputs, ... }:
+ {
+ imports = [ inputs.sops-nix.nixosModules.sops ];
+ sops = {
+ defaultSopsFile = inputs.self + /secrets/secrets.yaml;
+ age.keyFile = "/etc/sops/age_key";
+ secrets = {
+ "borgbase_ssh_key" = {
+ owner = "root";
+ mode = "0600";
+ };
+ "nextcloud-secret" = {
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "0400";
+ };
+ "nextcloud-admin-pass" = {
+ owner = "root";
+ mode = "0600";
+ };
+ "ssh_github_key" = {
+ owner = "administrator";
+ mode = "0600";
+ };
+ "ssh_jonsbo_key" = {
+ owner = "administrator";
+ mode = "0600";
+ };
+ "ssh_sachiel_key" = {
+ owner = "administrator";
+ mode = "0600";
+ };
+ "borg_repo" = {
+ owner = "root";
+ mode = "0600";
+ };
+ "cert_fullchain" = {
+ owner = "nginx";
+ group = "nginx";
+ };
+ "cert_private" = {
+ owner = "nginx";
+ group = "nginx";
+ };
+ };
+ };
+ };
+}
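Review bot: `cert_private` and `cert_fullchain` set `owner` and `group` but no `mode`, unlike every other entry in `sops.secrets`. The effective permission is then whatever sops-nix defaults to, which is 0400 as far as I know. Writing `mode = "0400";` on the private key makes the intended permission explicit and keeps it stable if the default changes. `nextcloud-admin-pass` is owned by `root` with `0600` while the Nextcloud module consumes it as `adminpassFile`; confirm that the setup unit can actually read it.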
diff --git a/modules/system/wooting.nix b/modules/system/wooting.nix
new file mode 100644
index 0000000..e2240ab
--- /dev/null
+++ b/modules/system/wooting.nix
@@ -0,0 +1,11 @@
+{
+ flake.modules.nixos.wooting =
+ {
+ pkgs,
+ ...
+ }:
+ {
+ services.udev.packages = [ pkgs.wooting-udev-rules ];
+ environment.systemPackages = [ pkgs.wootility ];
+ };
+}
diff --git a/modules/users/schererleander/configuration.nix b/modules/users/schererleander/configuration.nix
new file mode 100644
index 0000000..af96789
--- /dev/null
+++ b/modules/users/schererleander/configuration.nix
@@ -0,0 +1,22 @@
+{
+ flake.modules.homeManager.schererleander =
+ { inputs, ... }:
+ {
+ imports = with inputs.self.modules.homeManager; [
+ gpg
+ git
+ zsh
+ opencode
+ neovim
+ zed
+ nixcord
+ spicetify
+ obsidian
+ ];
+
+ home = {
+ username = "schererleander";
+ stateVersion = "25.05";
+ };
+ };
+}
diff --git a/modules/users/schererleander/darwin.nix b/modules/users/schererleander/darwin.nix
new file mode 100644
index 0000000..a4ef2a4
--- /dev/null
+++ b/modules/users/schererleander/darwin.nix
@@ -0,0 +1,14 @@
+{
+ flake.modules.darwin.home-manager =
+ { inputs, ... }:
+ {
+ imports = [ inputs.home-manager.darwinModules.home-manager ];
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = { inherit inputs; };
+ users.schererleander = inputs.self.modules.homeManager.schererleander;
+ };
+ };
+}
diff --git a/modules/users/schererleander/flake-parts.nix b/modules/users/schererleander/flake-parts.nix
new file mode 100644
index 0000000..fa43869
--- /dev/null
+++ b/modules/users/schererleander/flake-parts.nix
@@ -0,0 +1,28 @@
+{ inputs, ... }:
+{
+ flake.homeConfigurations = {
+ # NixOS configuration for adam workstation
+ "schererleander@adam" = inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+ extraSpecialArgs = { inherit inputs; };
+ modules = [
+ inputs.self.modules.homeManager.user-schererleander
+ {
+ home.homeDirectory = "/home/schererleander";
+ }
+ ];
+ };
+
+ # Darwin configuration for lilith laptop
+ "schererleander@lilith" = inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
+ extraSpecialArgs = { inherit inputs; };
+ modules = [
+ inputs.self.modules.homeManager.user-schererleander
+ {
+ home.homeDirectory = "/Users/schererleander";
+ }
+ ];
+ };
+ };
+}
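Review bot: Both `homeConfigurations` entries import `inputs.self.modules.homeManager.user-schererleander`, but the module defined in `modules/users/schererleander/configuration.nix` and used by the `darwin.nix` and `nixos.nix` wrappers is named `schererleander`. Unless `user-schererleander` is defined elsewhere in the commit, evaluating either configuration fails with a missing attribute. The two `modules` lists should read `inputs.self.modules.homeManager.schererleander`. The comment `# NixOS configuration for adam workstation` sits above a standalone Home Manager configuration; `# Home Manager configuration for adam (x86_64-linux)` would be accurate.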
diff --git a/modules/users/schererleander/nixos.nix b/modules/users/schererleander/nixos.nix
new file mode 100644
index 0000000..0a34e7b
--- /dev/null
+++ b/modules/users/schererleander/nixos.nix
@@ -0,0 +1,14 @@
+{
+ flake.modules.nixos.home-manager =
+ { inputs, ... }:
+ {
+ imports = [ inputs.home-manager.nixosModules.home-manager ];
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = { inherit inputs; };
+ users.schererleander = inputs.self.modules.homeManager.schererleander;
+ };
+ };
+}